For establishing the length of sessions Viart now uses the sessions feature in php. That means whatever the default length is in your php install (for most that is 1440 seconds--24 minutes), that is the length of the session, which you can't edit without editing your default php settings, and you may not want to do that.
 
Why does this matter? If you're working in the admin of Viart, walk away, then come back 25 minutes later, you will be logged off. In general, that's good but not very flexible.
 
I have some admin people I would like logged off in 10 minutes without activity because their computers are less secure, but I have others it would be okay to log off in 45 minutes.
 
I think there should be better, more flexible security features (maybe with a max of 60 minutes of log-in time without activity).
 
Thoughts?

I think it should be a setting and not limited. We should be able to type in (by minutes) the length for each admin seperately in the admin profile page. This method of security I would see better fit.

Yes, I would like to be able to select my logged in period depending upon my activity at that time.
 
If I have a lot to do I don't want to logged out when I stop for coffee - but if it is a short session then automatic log out means I don't have problems if I forget.
 
So a short default time with an easy option to over ride when required?

I think there needs to be some kind of default time, and if I was Viart I would also want a max time too.
 
There are a lot of people that use computers and software that have little idea about security, which is fine; you shouldn't be required to be a security expert to use a computer. But if you can avoid having people contact you about security breaches by simply creating a max session life, then it seems like a reasonable thing to do.
 
Are people doing admin work from a public computer? Who knows . . . but I can't count the number of times I've seen people leave a public computer without logging out of their web email.