Idle time auth token counter reset

[msmcknight]

Hi everyone,

I'm new to ZCS and have a new installation up and running (5.0.16).

It seems as though the auth-token-lifetime is a static value set when the user first logs in... and it's never updated.

What I mean is, a user who logged in 2 days ago (given the default setting) might be logged out if they are right in the middle of actively using ZCS. Even if their idle time is within limits, the auth session forces a reauthentication.

It would seem that the auth token should be refreshed given a users activity. Otherwise, it is very frustrating to be actively using a system and it force you out.

Does anyone know how to remedy this behavior? Being new at it, I'm not completely sure I haven't missed a setting somewhere.

Any help would be appreciated.

Thanks to you all in advance,
-Michael

[jwtadmin]

I will second this. After a bit of experimentation it is unclear what triggers a reset on the auth token timeout values.

Composing a new message, tabbing between messages all seem like it should trigger a reset, but it does not.

I tested this by setting the values very low, like 45 sec and found that I could do a LOT in the web client without triggering a reset.

We have had several cases open with Zimbra on client timeout issues (usually related to composing a message and then losing it all) but we have never had a solution.

Our auth token timeout is set to 4 hours and the session idle is set to 7 days.

If they match the idle session should in theory log the user out, but it appears what constitutes idle is not the same in the ajax client and what is sent to the server.