<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Times New Roman, Times, serif">Thank you David Miller
for this input.</font></p>
<p><font face="Times New Roman, Times, serif">Yes. I agree with you
that this should be configurable by admin. Probably there can be
override from the user if admin allow this,</font></p>
<p><font face="Times New Roman, Times, serif">which will help for
non-corporate installations.</font></p>
<p><font face="Times New Roman, Times, serif">Willing to do the
testing, documentation if any for this. <br>
</font></p>
<p><font face="Times New Roman, Times, serif">Please let me know.<br>
</font></p>
<p><font face="Times New Roman, Times, serif">Thanks</font></p>
<p><font face="Times New Roman, Times, serif">Sandeep<br>
</font></p>
<div class="moz-cite-prefix">On 19/01/23 18:59, David Miller wrote:<br>
</div>
<blockquote type="cite"
cite="mid:26f9714c-3bd7-8c5e-e8e8-389b6ee533e0@bugzilla.org">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>This is set in Bugzilla/Constants.pm<br>
</p>
<p><font face="monospace"># How many days a logincookie will
remain valid if not used.<br>
use constant MAX_LOGINCOOKIE_AGE => 30;</font></p>
<p>Note that it's measured in days and not minutes though.</p>
<p>The code that handles it is in Bugzilla/Auth/Persist/Cookie.pm
around line 55 or so:<br>
</p>
<p><font face="monospace"> # Issuing a new cookie is a good time
to clean up the old<br>
# cookies.<br>
$dbh->do("DELETE FROM logincookies WHERE lastused < "<br>
. $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-',
MAX_LOGINCOOKIE_AGE, 'DAY'));</font></p>
<p>So you could update it there. Without a patch to upstream
you'll need to modify changes to either of those every time you
upgrade though.</p>
<p>This seems like a logical feature request; this probably ought
to be in params instead of a hard-coded constant, and allow
shorter time periods than a day (I know a lot of business apps
I've used like to log you out after a half hour, etc).<br>
</p>
<div class="moz-cite-prefix">On 1/19/23 5:58 AM, Sandeep
Athiyarath wrote:<br>
</div>
<blockquote type="cite"
cite="mid:49265a81-f7fb-e179-ee0e-72c45d60b777@fcoos.net">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<p><font face="Times New Roman, Times, serif">Hi Team,</font></p>
<p><font face="Times New Roman, Times, serif">I am using the
latest Bugzilla version 5.0.6. <br>
</font></p>
<p><font face="Times New Roman, Times, serif">Our security team
came back and asked to enable session timeout on inactivity
, say 15 min.</font></p>
<p><font face="Times New Roman, Times, serif">I went through the
admin settings and parameters. I didn't able to find out any
option.</font></p>
<p><font face="Times New Roman, Times, serif">If Bugzilla is not
having the option ( looks like) whether I can enable this
with in the <br>
</font></p>
<p><font face="Times New Roman, Times, serif">web server level.
? . I am using Apache2.</font></p>
<p><font face="Times New Roman, Times, serif">Thanks</font></p>
<p><font face="Times New Roman, Times, serif">Sandeep<br>
</font></p>
</blockquote>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<title></title>
<div class="moz-signature">
<div>
<table style="width: 300px; border-style: none;"
cellpadding="3px" border="0px">
<tbody>
<tr>
<td style="width: 106px;"><img alt="[Bugzilla Logo]"
src="cid:part1.eAOpT0nF.aGPJirM0@fcoos.net"
moz-do-not-send="false" class="" width="100"
height="100"></td>
<td>
<div><strong><span style="font-size: 13pt;">Dave
Miller</span></strong></div>
<div>Project Leader</div>
<div><strong>Bugzilla Project</strong></div>
<div><a href="https://bugzilla.org/" rel="nofollow
noopener noreferrer" target="_blank"
class="moz-txt-link-freetext"
moz-do-not-send="true">https://bugzilla.org/</a></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</blockquote>
</body>
</html>