When Im working, I personally like to keep the web ui open so that I dont need to messify my terminal with doppler commands or have a separate terminal window just for doppler. But the web UI has no auto logout after an inactive amount of time. I thought maybe it was a setting but I cannot find it. I will come back after hours or after the computer hibernates and I have full access. And more worrying is that if I close the window and go back I just hit login and it auto logs in.
Is there a reason for this or am I just missing the setting somewhere?
Per our discussion via support ticket – our web session duration is currently 7 days and that duration refreshes whenever you view a page. This is one of those ease-of-use vs security trade-offs. If sessions expire too frequently, it creates a frustrating experience which can then lead to people not using the tool as much as you’d like. That said, we do realize that duration is not ideal for everyone and have discussed making it configurable internally. This is definitely something you might see in the future. For now, if you want to make sure your user is logged out in less than 7 days, you’ll need to manually logout.
And as per the email discussion you had a great point that I overlooked that there are many websites related to development that keep you logged in such as github which have the same security problem Im thinking about. I dont know how I missed this point in my internal dialogues but its got me looking into browser extensions regarding programmatic cookie management as a single control plane for this functionality across the various providers.
All in all, I think that will be a better path for me personally and maybe for others which is why Im posting this comment.
But if and when this feature gets added it would be useful.