search

jellyfin / jellyfin-roku

The Official Roku Client for Jellyfin
https://jellyfin.org
GNU General Public License v2.0
438 stars 133 forks source link

Roku client does not logout from account when closing the app #1403

Closed Bookermind closed 11 months ago

Bookermind commented 11 months ago

Software Versions

Describe the bug

Currently the Jellyfin Roku app will not log out a user when the app is closed. Therefore is there are two users on a library: a parent (full access) and a child (PG rated items only for example). The parent logs into Jellyfin on Roku and watches a movie. When they close the app they remain logged in, meaning that when the child opens the app next time they can see ALL content and not the restricted content they should see.

I would suggest a button in the UI to force logon on app closure (and optionally after a period of inactivity). When toggled this button makes closing the jellyfin app also perform the logout event.

How To Reproduce

  1. Open the Jellyfin app on Roku
  2. Sign in as an Adult/Administrator
  3. Close the Jellyfin App
  4. Reopen - you are automatically signed in as the previous user (rather than prompting for a user)

Expected behavior

This lack of user prompt on login circumvents and parental controls on the Jellyfin library. Regardless of any parental controls any child account can access all media on the library if the device was last logged in by an adult. The app should prompt for a user on each and every login as a roku device by definition is a shared device.

cewert commented 11 months ago

This feature was added in https://github.com/jellyfin/jellyfin-roku/pull/1374 with the global "Remember Me?" user setting (defaults to off which is what you would want).

PS: The search feature completely ignores parental settings. If your child searches for something they will see results from all libraries - see https://github.com/jellyfin/jellyfin-roku/issues/1029