OpenWrt GUI session timeout

I want to decrease the session timeout of openwrt GUI. I have found the session time in /etc/config/luci.

config internal 'sauth'
        option sessionpath '/tmp/luci-sessions'
        option sessiontime '3600'

Now I have changed this "3600" to 300 sec.
It is not working. I have didn't do any activity in GUI for up to 8 mins.
After that I refresh the page then it is redirecting to the same page.
Expectation: It should log out and again we need to log in the GUI to access that.

Anyone can help in fixing this issue.

Thanks in advance.

Just restart the rpc daemon afterwards, e.g. /etc/init.d/rpcd restart

Not working.
I have also removed index cache and browser cache. Still facing this issue.

/etc/init.d/uhttpd restart

As long as something is polling the backend, the session will not expire. This is by design and cannot be changed in configuration.

The behavior is hardcoded in the rpcd backend service and needs recompilation to disable it.
Whenever something reads the session, the expiry timer is reset. Only when the session is not touched for 3600 (or in your case 300) consecutive seconds, rpcd will purge it from memory.

Various LuCI pages have XHR background polling functionality which will fetch JSON data every 5 seconds. These polls will reset the expiry timer on every request.

Perhaps something for the wiki, as this was recently asked and answered in LuCI session expiration

Hi @jow
Thanks for your explanation. It helps us a lot.
But when I didn't touch the session for 300 consecutive sec, still not coming to the logout page.

Hi @jeff

I have checked this link and done the same thing still not working.

Hi @vgaetera

run the command. But not working.

Run ubus call session list from an SSH session. If the expiry timer keeps resetting, something is keeping the session active, e.g. a background XHR poll on an open browser tab or similar.

Hi @jow

Yes, expiry timer is changing.
below is the output.

ubus call session list
{
	"ubus_rpc_session": "00000000000000000000000000000000",
	"timeout": 0,
	"expires": 0,
	"acls": {
		"access-group": {
			"unauthenticated": [
				"read"
			]
		},
		"ubus": {
			"session": [
				"access",
				"login"
			]
		}
	},
	"data": {
		
	}
}
{
	"ubus_rpc_session": "e08dca252cf5a5438d61cd03af6d301c",
	"timeout": 3600,
	"expires": 2902,
	"acls": {
		
	},
	"data": {
		"section": "86a7ec6e2a58bcc498d77e5d4f278dfc",
		"token": "a62f412ac4197c269b69c1ed1cecb61e",
		"user": "root"
	}
}

Your timeout is still the default value, please follow my first advice and restart rpcd after your timeout changes in /etc/config/luci.

For testing the new timeout log in to LuCI and wait for the timeout on a page without XHR polling events, e.g. Status => System Log

Hi @dibdot

For Status > System log, It is working fine because there are no XHR polling events on this page.

But is there any solution for the page in which we have XHR polling events?

No, as @jow already stated before.

Thank you for your support.

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

Hi @lleachii

There is no solution for session timeout in which xhr polling is happening continuously.
But if I need to marked as "SOLVED" then it will do.

If you turn off Auto Refresh on the relevant pages you browse to, does your session time out?

Hi @lleachii

I have checked by turning off "Auto Refresh" button and my relevant page which i want to browse, is getting session timeout.

I have just found out that if the Luci tab is not active, the expiration counter is active, no mater what page you are at.

So if your Luci tab is not active, the session will expire at the given timeout in the config.