On Wed, Apr 1, 2020 at 8:11 AM Chris Misztur <[email protected]> wrote:
> I have one user who is able to close the browser (tried Chrome and FF),
> and even reboot his PC, go to Guac URL and is allowed back in without
> auth. I have it set up for LDAP and TOTP.
>
> Is something getting cached server side?
>

Guacamole's authentication system issues tokens for the logins. If the user does not explicitly Log Out (which deletes the token), then it is possible that, within a reasonable amount of time, they can come back and expect to not have to log in again. Guacamole will periodically expire these tokens, forcing a new login. This is fairly consistent with how most web sites behave - that is, I don't have to log in to my e-mail every time I close it out and re-open it - it prompts me periodically, but certainly not every time.

-Nick
