A simple meteorite package to give you session timeouts.
In your json settings file, you can add the following two options
inactivityTimeout - This is the number of milliseconds a user has of
inactivity before being forcibly logged out. It defaults to 900000 (15 minutes).
purgeInterval - This is the number of milliseconds that the package will use
in a setInterval to purge all inactive sessions from Meteor. It defaults to
60000 (1 minute)
sessionTimeoutQuery - A MongoDB query object restricting the set of users affected by session timeout functionality with a MongoDB query.
How it Works
On the server
The server uses a mongo collection named "session_timeout" to store the timeouts of user sessions.
There is also a method exposed called session_heartbeat that is used to update the timeout values of those sessions.
Finally we periodically check those sessions for all users and if we find any that are expired we destroy all of that users login tokens. That is done because there isn't really a better way to force a user out of Meteor at this time.
On the client
The client does two things. First, it watches the
in Meteor.users collection. When it changes to a value evaluated to
true, the user
is logged out. By default, the user is logged out by
Meteor.logout method. However,
you can override
Meteor.forcedLogout method to implement custom logout logic.
Second, we set a timer to check and see if there is mouse movement happening anywhere in the application. If there is we call the heartbeat method. We then remove the event listeners and whatnot for the next time the timer fires.