botpress / v12

Botpress OSS – v12
https://v12.botpress.com
GNU Affero General Public License v3.0

[Feature] Remove Default Auto-Logout #1412

Open ptrckbp opened 2 years ago

ptrckbp commented 2 years ago

Describe the bug

The application often logs out while I'm working.

To Reproduce

Steps to reproduce the behavior:

  1. Login to botpress
  2. Start working
  3. Jump between windows.
  4. Botpress will eventually log out without warning

Expected behavior

I don't expect it to log out while I'm working on it. If a log out is required for security reasons for many users, I think it should be activated through an optional parameter in the settings.

Additional context

This may be happening more often to me because I work with multiple monitors, and it seems to be activated on window switch. Botpress is always open on one of my monitors though.

I think this is a problem for two reasons :

EFF commented 2 years ago

Default behaviour is configurable, see botpress.config.json, here: https://github.com/botpress/botpress/blob/ea51a7bcd816143879f24e7cf1bd32f80344800e/packages/bp/src/core/config/botpress.config.ts#L482

and see rudimental doc here: https://botpress.com/docs/advanced/authentication

Is this really a bug, do you think? IMO it's more of a feature request.

ptrckbp commented 2 years ago

I thought about putting it under feature too, but it can lead to new users abandoning, due to being locked out. I think it's pretty important. Is there a strong reason for not changing the default behaviour?

J-FMartin commented 2 years ago

Thanks - we will not change this behavior - this is required for security reasons.

hacheybj commented 1 year ago

We have agents working on HITL who are being logged out in the middle of their work.

Increasing the duration is not an option and it involves security risks.

A user session should timeout only after a pre-defined period of idle time.

This happens even though allowRefresh is set to true.

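The thread contrasts a fixed token lifetime with a timeout based on inactivity. The sketch below is an added example, not part of the thread and not Botpress code: it shows a session check that slides an idle timer on each request while keeping an absolute cap. All function names and limits are assumptions chosen for illustration.

```javascript
// Added illustration; not Botpress code. Names and limits are assumptions.
const IDLE_LIMIT_MS = 15 * 60 * 1000;          // expire after 15 min without activity
const ABSOLUTE_LIMIT_MS = 8 * 60 * 60 * 1000;  // hard cap, regardless of activity

function createSession(now) {
  return { issuedAt: now, lastActivity: now };
}

// Returns { valid, reason, session }. A valid request slides the idle
// timer forward; the absolute deadline never moves, so a stolen session
// cannot be kept alive indefinitely by replaying requests.
function touchSession(session, now) {
  if (now - session.issuedAt >= ABSOLUTE_LIMIT_MS) {
    return { valid: false, reason: 'absolute-timeout', session };
  }
  if (now - session.lastActivity >= IDLE_LIMIT_MS) {
    return { valid: false, reason: 'idle-timeout', session };
  }
  return {
    valid: true,
    reason: null,
    session: { ...session, lastActivity: now },
  };
}

// Replays a constructed timeline of requests, given as minute offsets
// from login, and reports the outcome of each request.
function replay(minuteOffsets) {
  let session = createSession(0);
  return minuteOffsets.map((minutes) => {
    const result = touchSession(session, minutes * 60 * 1000);
    session = result.session; // rejected requests do not revive the session
    return result.valid ? 'ok' : result.reason;
  });
}

// Constructed sample: an agent active every 10 minutes, then a 40-minute gap.
console.log(replay([10, 20, 30, 70, 71]));
```

With this shape, an agent who keeps working is not logged out mid-task, while an unattended session still expires and no session outlives the absolute cap.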