[
https://issues.apache.org/jira/browse/GUACAMOLE-2138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18022602#comment-18022602
]
Trevor Kuhlengel commented on GUACAMOLE-2138:
---------------------------------------------
Thanks for the clarification! I will look into this.
Having the idle timeout (as set per connection) happen in guacd appeals to me,
and I will give that a try. I need to learn more about the signaling pathways
between the two in order to make that work cleanly.
I still think there is some value in including a "global" default in the Java
web server client, as this will make the administration of large connection
collections much easier (and make it easier to change the timeout for all of
them at the same time).
> Add an optional maximum connection timeout
> ------------------------------------------
>
> Key: GUACAMOLE-2138
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2138
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole
> Environment: Any
> Reporter: Trevor Kuhlengel
> Priority: Minor
> Labels: security
> Fix For: 1.7.0
>
>
> In my company's business use case for Guacamole, for security and auditing
> purposes, we need to be able to ensure that any idle user is disconnected and
> logged off within a set period of time of idleness.
> In an *ideal* version of this, we would do the following.
> # Check if user has interacted with connection in last X minutes, or if an
> active SFTP transfer is happening on the connection.
> # If not, terminate the user connection after X minutes of inactivity.
> # If they remain idle, Guacamole idle timer will log them out after the
> pre-configured login idle timeout.
> This requires a lot of conditionals and would be more difficult to implement
> and maintain in an on-going project like Guacamole.
> A *more practical*, yet sufficient, version is:
> # Admin sets a maximum duration of ANY connection, given in minutes.
> # Any connection that exceeds that duration, regardless of activity, is
> terminated, while the user remains logged in. They are free to reconnect if
> the user is still active.
> # The login idle timeout starts when the connection ends.
> This second option would meet our business need, and we would like to share
> it with others.