Required session timeout on inactivity.
David Miller
justdave at bugzilla.org
Thu Jan 19 13:29:26 UTC 2023
This is set in Bugzilla/Constants.pm
# How many days a logincookie will remain valid if not used.
use constant MAX_LOGINCOOKIE_AGE => 30;
Note that it's measured in days and not minutes though.
The code that handles it is in Bugzilla/Auth/Persist/Cookie.pm around
line 55 or so:
# Issuing a new cookie is a good time to clean up the old
# cookies.
$dbh->do("DELETE FROM logincookies WHERE lastused < "
. $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-',
MAX_LOGINCOOKIE_AGE, 'DAY'));
So you could update it there. Without a patch to upstream you'll need to
modify changes to either of those every time you upgrade though.
This seems like a logical feature request; this probably ought to be in
params instead of a hard-coded constant, and allow shorter time periods
than a day (I know a lot of business apps I've used like to log you out
after a half hour, etc).
On 1/19/23 5:58 AM, Sandeep Athiyarath wrote:
>
> Hi Team,
>
> I am using the latest Bugzilla version 5.0.6.
>
> Our security team came back and asked to enable session timeout on
> inactivity , say 15 min.
>
> I went through the admin settings and parameters. I didn't able to
> find out any option.
>
> If Bugzilla is not having the option ( looks like) whether I can
> enable this with in the
>
> web server level. ? . I am using Apache2.
>
> Thanks
>
> Sandeep
>
--
[Bugzilla Logo]
*Dave Miller*
Project Leader
*Bugzilla Project*
https://bugzilla.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bugzilla.org/pipermail/support-list/attachments/20230119/4a0b21b1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: favicon.png
Type: image/png
Size: 6652 bytes
Desc: not available
URL: <http://lists.bugzilla.org/pipermail/support-list/attachments/20230119/4a0b21b1/attachment.png>
More information about the support-list
mailing list