Koha How-To

Koha Question of the Week: Why Does This Staff Account Keep Getting Logged Out?

Each Friday, we will bring you a new Koha Question of the Week. We will select real questions that we receive and share the answers with you!

Question: Why Does This Staff Account Keep Getting Logged Out?

Answer: Several factors control how long staff accounts stay logged in for. A few factors include:

  • The cleanup_database cron job, which controls how long session data is stored
  • The timeout system preference, which determines when to log accounts out for inactivity
  • Whether cookies are deleted from the internet browser.

But the most common situation has to do with permissions and a staff account trying to access something they are not authorized for, especially for accounts that have very limited permissions. A good indicator that this is the case is if only a few staff accounts are reporting a logout screen at unexpectedly brief intervals in the course of actively doing their work. While permissions work well in areas where staff do not have any access (like the acquisitions module, for example, where only core staff will be users), things can be a bit complex around patron, circulation, and cataloging permissions, where libraries often have accounts set with some permissions but not all.

A good first trouble-shooting step for supervisors or directors with the ability to set staff permissions is to find out what the person was trying to do when the logout screen appeared. If that function is a core part of their job, then they will need additional permission(s). The Koha manual will be helpful to determine what permission(s) may need to be added, or ByWater partners can open a ticket for assistance.

If the missing permission(s) are too broad, anyone can file an enhancement request in the Koha community via Bugzilla, or they may find that someone has already made that request and they can add their voice to that concern. Similarly, Koha should not be displaying a link to a function the user cannot access, so that would also be worth filing a bug.

Finally, it is useful to note that the logout prompt is not a true logout in the case of permissions, and the back button on the browser should take them back to what they were doing without requiring a whole new sign-on.

Additional Resources

Bugzilla

Koha Manual: Staff Permissions