Mattermost, Inc.

[SOLVED] How can i force session cookies for the web interface

I would like mattermost to behave in such a way that when a user closes the browser, (s)he is automatically logged out

I’ve found the section about how to manipulate the session configuration in the docs (https://docs.mattermost.com/administration/config-settings.html?highlight=session#sessions) but it seems i can only set a fixed amount of days? That means when a user completely switches of the computer and boots it again (s)he is always automatically logged in to mattermost. I find that very undesirable for the web-interface since it might be used on computers that are shared.

Is there really no way to tell mattermost it should set a session cookie? (so that the session gets destroyed when a user closes the browser)

Hi @themarty. We don’t have support for that yet, but it sounds like a great idea. Would a user be enabling that themselves or would that be configured system-wide like the other session length settings?

If you’d like to contribute this in the feature idea forum, it can be discussed, upvoted and considered for a ticket accepting pull requests?

Please include a link back to this post. If you’re interested in implementing, please say so and we’ll prioritize the review.

Hi @hmhealey
I’ve submitted the idea! https://mattermost.uservoice.com/forums/306457-general/suggestions/17832592-support-for-session-cookies

Thanks for submitting your suggestion @themarty!

I’ll mark this issue solved for now and hope your feature suggestion gets lots of votes on the feature idea forum!