If I understand your problem correctly; the issue is that a user doesn't
log off properly, another user coming along can then take over the
original session if the original session hasn't automatically timed out?
If a user hasn't correctly logged off then Guacamole has no way of
knowing if there is simply a 'glitch' in internet traffic, someone's
taken a quick break, or whether the user has indeed gone. Because of
this there is a specific session timeout value, the default is 60 minutes.
This is described in the manual here:
https://guacamole.apache.org/doc/gug/configuring-guacamole.html and reads:
api-session-timeout
The amount of time, in minutes, to allow Guacamole sessions
(authentication tokens) to remain valid despite inactivity. If omitted,
Guacamole sessions will expire after 60 minutes of inactivity.
From this, and to assist with your problem, I guess you could add the
'api-session-timeout' parameter to your guacamole properties file and
reduce the value to a minimal number of minutes, or seconds.
Obviously there is a trade-off, if the connection between guacamole and
the user is flaky then with reduced timeout that user could be
forcefully logged off despite being in a valid session. Also (I think)
if they simply didn't do anything in the session for a period (no
mouse/keyboard activity) this could also log them off. On this latter
point I'm a little uncertain as it would depend upon how Guacamole
determines 'activity', so YMMV...
On 7/05/2020 2:08 a.m., Kaminski, Thomas wrote:
Hello Georgi,
thank you for your answer. And yes, this would be a solution, that we
internal discussed.
This solution force a big change in the eureka connection into our
self-made identity management system.
I hope to bypass this big workload for my colleagues.
Regards
Thomas
*Von:* Georgе Stoyanov <[email protected]>
*Gesendet:* Mittwoch, 6. Mai 2020 15:21
*An:* [email protected]
*Betreff:* Re: Session timeout
I have a similar problem and for that, I have created different users
on Windows, so each of the Guacamole users has its own account. But
that way they will kick each other.
Regards,
Georgi
On Wed, May 6, 2020 at 2:40 PM Kaminski, Thomas
<[email protected]
<mailto:[email protected]>> wrote:
Hello together,
we have the challenge, that our users use common service accounts
to login into a windows server with rdp.
This works fine and we are happy.
Sometime a user closes the browser without ending the windows
session. Log off Chrome and so on.
After this the session is not stopped and another user who logs
into guacamole and gets the legacy session of the first user.
Our problem is, the second user is not the first user, and see the
foreign content.
This reconnect is in a timeframe of seconds. We not need a
solution, that act in a timeframe of minutes.
Is it possible to force an automatic logout from the session?
We tried a lot of local policies on windows side. Without success.
Except the api-session-timeout I didn’t find another configuration
items. And this is only for idle session in a unit of minutes.
We use Guacamole 1.0 on Debian 10 in Azure. The Backend are
Windows Server 2016 in Azure.
Guacamole proxy daemon (guacd) version 1.0.0
With kind regards / Mit freundlichen Grüßen
Thomas Kaminski
Solution Architect
KION Group IT
c/o KION Information Management Services GmbH
Berzeliusstraße 10 | 22113 Hamburg | Germany
Phone: +49 40 7339 2335 | Mobile +49 175 727 95 47
[email protected] <mailto:[email protected]>
KION Information Management Services GmbH
Sitz der Gesellschaft | Registered Office: Frankfurt am Main (Germany)
Registergericht | Court of Registration: Frankfurt am Main
(Germany), HRB 110454
USt-Id-Nr. | VAT No. DE 254777238
Geschäftsführung | Managing Director: Hansjörg Heinrich
KION Information Management Services GmbH
Sitz der Gesellschaft | Registered Office: Frankfurt am Main (Germany)
Registergericht | Court of Registration: Frankfurt am Main (Germany),
HRB 110454
USt-Id-Nr. | VAT No. DE 254777238
Geschäftsführung | Managing Director: Hansjörg Heinrich
