16 lines
743 B
Lua
16 lines
743 B
Lua
-- Disconnect c2s sessions after a configurable timeout to force re-authentication.
|
|
-- This ensures that expired credentials (e.g. app passwords) are caught promptly.
|
|
|
|
local timeout = module:get_option_number("session_timeout", 1800); -- default 30 minutes
|
|
|
|
module:hook("resource-bind", function(event)
|
|
local session = event.session;
|
|
if not session then return; end
|
|
|
|
session._timeout_timer = module:add_timer(timeout, function()
|
|
if session.type == "c2s" and not session.destroyed then
|
|
module:log("info", "Session timeout for %s, forcing re-authentication", session.full_jid);
|
|
session:close({ condition = "policy-violation", text = "Session expired, please reconnect" });
|
|
end
|
|
end);
|
|
end);
|