SECURITY: Admin -Defined Time to Stay Logged-IN Per Session

CyberPanel Project Feature Request
1

How do i begin ??!

Should CyberPanel not include a DROPDOWN ADDON on the login page in which an admin can choose/select from various time options {((5 mins, 10 mins, 30 mins, 1 hour, 2 hours, 3 hours or "Manually Input Preferred Session Time Based ON MINUTES))} to stay logged-in ??

IT WORKS LIKE THIS >>>>

  1. An admin goes to the login page, he knows he might do something else but not sure.

  2. He chooses the option that says “I want to be online for 10 mins”.

  3. He goes into CyberPanel successfully.

  4. He does things.

  5. Then he gets an urgent call, goes to the bathroom, goes to the kitchen, does another thing online that might expose his data, gets a visitor but gets deceived by that same visitor (visitor’s there to hack :::: could be anybody), closes web browser thinking browser cache has been cleared, forgets to lock/sleep computer (laptop, desktop or even mobile), etc.

  6. He is doing whatever whatever whatever.

  7. When he spends beyond 10 mins being inactive, “CyberPanel will then FORCEFULLY KICK HIM OUT !!” as CyberPanel will not be able to know if HE (THE ADMIN) is coming to play around again or NOT.

  8. He comes back from whatever or wherever place he has been (to) and says “Ah! CyberPanel has kicked me out !! That’s GREAT/ANNOYING” … Reaction would depend on admin.

  9. Yes, he would have to login again to do whatever he has been doing … Or closes his computer … Whatever he decides.

WHEN an admin is inactive after 10 mins (i.e the selected time option), he will be AUTOMATICALLY LOGGED OUT by CyberPanel … This could add more strength to CyberPanel Security … We can not but do other things while on CyberPanel and anything can happen online …

We also tend to neglect internal threats at home, we always tend to believe that “If we would be hacked, it would be from the web”… Home threats are just as “terrible” as web threats …

2

more simple:

on open check the token
on close token expired

3

I personally do not support this for the reason that most of the web administrator does not logs into cyberpanel all day. Once the websites are setup in cyberpanel, we mostly control websites from its respective backend. Only if we have to change something with the files, we log into cyberpanel and do the required changes which doesnt take much time.

If we forcefully logout the session at certain intervals (maybe as you mentioned, 10 minutes), it will be irritating for any admin while he is doing something at the panel.

If you are concerned about the security at your own home, then thats a red flag for you in particular. Home is where you have 100% control of every activity and strangers/hackers/enemies dont stay at your home I believe. If its otherwise, then its a grave concern for you in particular.

There is also an option to logout with just a single click on top right corner of the panel in-case you dont trust your members at home while leaving the desk.

4

i was…
hahaha but now i use at least reseller level with default reseller ACL

btw @die2mrw007 … do you know what is the default reseller acl option ?
i want to create custom reseller acl with same acl default reseller acl and add/remove some option

5

cyberpanel has 3 permission levels
Admin - with all permissions active
reseller - with account creation access, and other few permissions
user - the end user (shared hosting permission) where only the websites created under this account will be visible to them.

6

i know
i mean about the acl option
users/createNewACL
what option that default reseller acl have