idle_reauthenticate
Authenticated users may leave their browser unattended. This may pose a security risk for the application and/or the managed data, or it may be an inconvenience if the same browser is supposed to be used by multiple users.
To prevent these issues without disturbing the current user, this module blocks any interaction in the browser for the current session and shows a modal dialog box in which the user returning to the screen has various options:
- Re-authenticate with the user password
- Re-authenticate with a user-defined token (coming soon #3505310: Add user defined token for re-authentication instead of password)
- Re-authenticate with 2FA (coming soon #3505311: Add support for 2FA)
- Login as a different user
Administrators can configure the idle time before a session gets blocked and requires re-authentication. They can also configure which of the re-authentication methods are allowed.
This module blocks not only the current browser tab but also the session. Otherwise, the user could simply open another browser tab and continue working. The module does not invalidate the current session, because then the user couldn't easily continue working after re-authentication, e.g. on an open form that was half filled in when the phone rang or the user was otherwise distracted.
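A minimal model of the session-level block described above, as an added example that is not the module's own code. The class name, the 900-second idle limit and the sample password are assumptions, and plain PHP (8.0 or later) stands in for Drupal's session handling.

```php
<?php
// Added illustration, not the idle_reauthenticate module's code. All names are hypothetical.
final class IdleLockSession
{
    public array $data = [];          // in-progress work, e.g. half-filled form values
    private bool $locked = false;
    private int $lastActivity;

    public function __construct(private string $passwordHash, private int $idleLimit, int $now)
    {
        $this->lastActivity = $now;
    }

    // Gate for every request in the session, whichever tab sent it.
    public function allowRequest(int $now): bool
    {
        if ($now - $this->lastActivity >= $this->idleLimit) {
            $this->locked = true;     // lock is server-side session state, shared by all tabs
        }
        if ($this->locked) {
            return false;             // blocked requests do not count as activity
        }
        $this->lastActivity = $now;
        return true;
    }

    // Unlock on a correct password; $data is kept because the session is never destroyed.
    public function reauthenticate(string $password, int $now): bool
    {
        if (!password_verify($password, $this->passwordHash)) {
            return false;
        }
        $this->locked = false;
        $this->lastActivity = $now;
        return true;
    }
}

// Constructed walk-through: timestamps are seconds, the idle limit is 900.
$session = new IdleLockSession(password_hash('correct horse', PASSWORD_DEFAULT), 900, 0);
$session->allowRequest(60);
$session->data['draft_title'] = 'Quarterly report';
var_dump($session->allowRequest(1000));                    // first tab, after the idle limit
var_dump($session->allowRequest(1001));                    // second tab, same session
var_dump($session->reauthenticate('wrong guess', 1002));
var_dump($session->reauthenticate('correct horse', 1003));
var_dump($session->allowRequest(1004));
var_dump($session->data['draft_title']);                   // draft stored before the lock
```

Because the lock flag is stored with the session rather than in the page, a client-side overlay alone would not be enough: the server-side check is what stops a second tab from continuing.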