Limit Zitadel login to browser session
Hi,
I just stumbled over a somewhat severe issue.
In some parts of our organisation, people use "shared desktops" (PC clients without personal login accounts), and while the users are trained to close the browser when leaving the machine, they do not understand that they need to terminate the Zitadel session separately (which is also a bit cumbersome, as we blocked the login for users to prevent them from changing their user data). I found several settings on the lifetime of tokens, but I did not find any place to limit the cookie lifetime for the Zitadel login session to the browser session.
If this is not yet implemented, is there any documentation on how to link a custom login UI with the regular OIDC IDP workflow?
Oli
