We are using ShinyProxy with docker to host our shiny apps. For authentication, we use LDAP. Our setup works so far but now we need to meet a new security requirement: The user should be logged out after being inactive for 30 minutes.
I have seen the following configuration options:
server.servlet.session.timeout and
proxy.heartbeat-timeout
but as far as I understand, this only stops the app container on certain conditions. Our requirement is to perform a logout so that the user needs to sign in again before being able to access their apps. With the above configuration, the app restarts when refreshing the page.
My approach so far has been to stop the shiny app from within the shiny-code when the user has been inactive (tracking with js). The app is then greyed out.
So what I am looking for is a configuration to automatically log out the user when the app stops.
(Or a completely different approach to the problem ^^)
Sometimes I do see a screen saying “You have been (automatically) log out - return to log-in” or something along these lines but I do not yet understand this behaviour.