Adding a log-in max duration and disabling multiple log-in

1- Once users are logged in, like my admin account, there is no maximum time set to stay logged in, and it can stay like this forever until the connecting machine is rebooted.
2- Closing the browser does not close the log-in. Restart Chrome, go back to Nextcloud and voilà, you’re logged in again.
3- Multiple parallel log-ins are allowed at the same time.
machine 1 network 1 -->ok ( local net )
machine 2 network 1 -->ok ( local net )
machine 3 network 2 -->ok ( 4G net 1 )
machine 4 network 3 -->ok ( 4G net 2 )

Let’s imagine you have an admin log-in from your smartphone browser (or tablet) and you lose it or it gets stolen … access will be granted unless the stolen hardware is rebooted or you change the password.

This is a severe security issue!

Just delete your cookies … on browser close.

Impossible in case you have been robbed … Impossible in case you lost your machine…

Easy fix, but still an enormous security problem.

Closing the browser doesn’t do it!

Don’t login as admin on your phone :wink:

Yes - auto-logout from the web interface after x minutes would be nice …

You can configure it. When I close my browser all my cookies are gone and I have to re-login.

50+ users, don’t have access to all machines to set things up.

Security problems should be fixed on a server basis, not a user basis.

Furthermore, those 50+ users generate 140+ hardware groups of machines, from laptops, desktops, smartphones, Windows, Android … and I’m not talking about Apple stuff!!!

Managing access on a one-by-one basis from the Nextcloud GUI is not the right way.

That could be a way to handle it.

So the question now is: should I tweak my Linux directly, or should this be a Nextcloud feature in case of extreme laziness of the Linux admin :slight_smile:

Another option is to display a list of currently logged in users & devices in the Admin interface, and force a logout server side. This will allow admins to manage access to the server if a device is lost or stolen.