Meteor Stale Session

Stale session and session timeout handling for meteorjs

Overview

The zuuk:stale-session package addresses a significant security concern within Meteor applications by introducing session timeout handling. In environments where multiple users may access the same machine, the lack of session expiration can lead to unauthorized access if one user forgets to log off. This package effectively mitigates that risk by monitoring user activity and automatically logging users off after a set period of inactivity.

Developed out of necessity for a project at ZUUK, this package fills a gap where existing solutions were not reliable. It not only enhances security but also brings a configurable and user-friendly approach to session management in Meteor applications.

Features

  • Automatic Logout: Users are automatically logged off after a configurable period of inactivity, enhancing security by reducing unauthorized access opportunities.

  • Configurable Timeout: Set the inactivity timeout according to your needs, with a default setting of 30 minutes, easily adjustable in your settings file.

  • Multi-Device Synchronization: Log on to multiple devices while maintaining session integrity; activity on any one device keeps sessions alive across all devices.

  • Heartbeat Intervals: Configurable heartbeat intervals ensure that the server receives activity signals without overwhelming it, with a default of every 3 minutes.

  • Thorough Session Purging: Stale sessions are identified and cleaned up at a regular interval (default 1 minute), ensuring that expired sessions do not linger unnecessarily.

  • Activity Event Tracking: Monitor a variety of user interactions deemed as activity, such as mouse movements and key events, which are fully customizable according to application requirements.

  • Simple Configuration: Easily manage settings through a straightforward config/settings.json file, making it accessible for developers to implement.

  • Community Contribution: This package is shared back with the community, drawing insights from previous implementations while ensuring better reliability and ease of use.
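
The sketch below is an added example, not code from the package or its authors. It models the heartbeat, timeout and purge features listed above in memory. The class, function and option names are hypothetical, and it assumes the server stamps activity when a heartbeat arrives and keeps one timestamp per user:

```javascript
// Added illustration, not the zuuk:stale-session source; every name is hypothetical.
const MIN = 60 * 1000;
const DEFAULTS = {
  inactivityTimeout: 30 * MIN, // default stated on this page
  heartbeatInterval: 3 * MIN,  // default stated on this page
  purgeInterval: 1 * MIN,      // default stated on this page
};

class SessionTracker {
  constructor(cfg = DEFAULTS) {
    // A heartbeat slower than the timeout would log out users who are still active.
    if (cfg.heartbeatInterval >= cfg.inactivityTimeout) {
      throw new RangeError('heartbeatInterval must be shorter than inactivityTimeout');
    }
    this.cfg = cfg;
    this.lastSeen = new Map(); // userId -> time of latest heartbeat from any device
    this.tokens = new Map();   // userId -> Set of login tokens, one per device
  }
  login(userId, token, now) {
    if (!this.tokens.has(userId)) this.tokens.set(userId, new Set());
    this.tokens.get(userId).add(token);
    this.lastSeen.set(userId, now);
  }
  // Sent by a client at most once per heartbeatInterval, and only after activity.
  heartbeat(userId, token, now) {
    const devices = this.tokens.get(userId);
    if (!devices || !devices.has(token)) return false; // purged or unknown token
    this.lastSeen.set(userId, now); // one timestamp per user keeps all devices alive
    return true;
  }
  // Run by the server every purgeInterval: revoke every token of each stale user.
  purge(now) {
    const purged = [];
    for (const [userId, seen] of this.lastSeen) {
      if (now - seen > this.cfg.inactivityTimeout) {
        this.tokens.delete(userId);
        this.lastSeen.delete(userId);
        purged.push(userId);
      }
    }
    return purged;
  }
}

// Upper bound on how long an abandoned session stays usable after the last real
// input: wait for the next heartbeat, then the timeout, then the next purge run.
function worstCaseExposure(cfg = DEFAULTS) {
  return cfg.heartbeatInterval + cfg.inactivityTimeout + cfg.purgeInterval;
}
```

Under this model's assumptions and the default values, a session left open on a shared machine can stay usable for up to 34 minutes, not exactly 30, so size the timeout with the heartbeat and purge intervals included.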