HTML5 session security

Discussion in 'Parallels Remote Application Server – HTML5 Gateway' started by GreggZ, May 9, 2016.

  1. GreggZ

    GreggZ Junior Member

    Messages:
    13
    Coming from the Citrix world, unless there is something I am missing, we need a way for the logon page to expire without killing the html5 session. If we are lucky, the "user" is typically going to log out of their application or desktop session, but it is highly likely that they will walk away from the logon page. This page should expire after X amount of time so that if someone is using a public kiosk (like at a hotel lobby) and they walk away, a stranger does not have access to our systems. Has anyone else thought of this issue?
     
  2. Dinesh@Parallels

    Dinesh@Parallels Guest

    Messages:
    333
    Hello @GreggZ
    It will be great if you could provide us step-by-step description what are the option which would like to add and how does it works , so that we can forward your request to your developers.
     
    Last edited: Sep 19, 2016
  3. GreggZ

    GreggZ Junior Member

    Messages:
    13
    Need a way for the logon page to expire without killing the html5 session.
    1. User opens browser and connects to designated gateway for logging onto Parallels.
    2. User launches application or desktop from gateway. This opens in a new window.
    3. The 1st window, should log out automatically after XX amount of time without disturbing the running applications.
    The reason for this request is that the user is conscious of the windows with the running applications only, they tend to forget that the gateway is there and logged into. When at a kiosk/public computer, a user could jeopardize the companies security by walking away. The way it works today, the gateway would remain logged in, allowing the next person using the computer to launch applications and access sensitive data.
     
  4. PaulChristopher@Parallels

    PaulChristopher@Parallels Product Expert Staff Member

    Messages:
    3,158
    Hi GreggZ, please launch RAS Console->Connection->Authentication-> set as "Declare session idle after" and " Cached session Timeout" with the desired value and let us know how it works.
     
  5. GreggZ

    GreggZ Junior Member

    Messages:
    13
    Thank you Paul. Overall, your suggestion does work. Personally I would like to see something more complete, like a message that displays "Your session has been logged out due to inactivity, please log on again", with a link to logon again. Would there be anyway for it to close the browser window? My session window stayed open, but I could no longer do anything within the session. The only problem here is that any sensitive/confidential information could be displayed in that window even though the session is disconnected.
     
  6. PaulChristopher@Parallels

    PaulChristopher@Parallels Product Expert Staff Member

    Messages:
    3,158
    Dear Greggz, you may also log into Remote Desktop on the particular Windows and open the Start menu, navigate to All Programs, then Administrative Tools, then Remote Desktop Services and then open the Remote Desktop Session Host Configuration menu.
    In the Connections area, right click RDP-TCP then Properties. Click the Sessions tab and specify the values you want to use.
     

Share This Page