Required session timeout on inactivity.

Sandeep Athiyarath sandeep at fcoos.net
Fri Jan 20 05:05:50 UTC 2023 

Thank you David Miller for this input.

Yes. I agree with you that this should be configurable by admin. 
Probably there can be override from the user  if admin allow this,

which will help for non-corporate installations.

Willing to do the testing, documentation if any for this.

Please let me know.

Thanks

Sandeep

On 19/01/23 18:59, David Miller wrote:
>
> This is set in Bugzilla/Constants.pm
>
> # How many days a logincookie will remain valid if not used.
> use constant MAX_LOGINCOOKIE_AGE => 30;
>
> Note that it's measured in days and not minutes though.
>
> The code that handles it is in Bugzilla/Auth/Persist/Cookie.pm around 
> line 55 or so:
>
>   # Issuing a new cookie is a good time to clean up the old
>   # cookies.
>   $dbh->do("DELETE FROM logincookies WHERE lastused < "
>       . $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-', 
> MAX_LOGINCOOKIE_AGE, 'DAY'));
>
> So you could update it there. Without a patch to upstream you'll need 
> to modify changes to either of those every time you upgrade though.
>
> This seems like a logical feature request; this probably ought to be 
> in params instead of a hard-coded constant, and allow shorter time 
> periods than a day (I know a lot of business apps I've used like to 
> log you out after a half hour, etc).
>
> On 1/19/23 5:58 AM, Sandeep Athiyarath wrote:
>>
>> Hi Team,
>>
>> I am using the latest Bugzilla version  5.0.6.
>>
>> Our security team came back and asked to enable session timeout on 
>> inactivity , say  15 min.
>>
>> I went through the admin settings and parameters. I didn't able to 
>> find out any option.
>>
>> If Bugzilla is not having the option ( looks like) whether I can 
>> enable this with in the
>>
>> web server level. ? . I am using Apache2.
>>
>> Thanks
>>
>> Sandeep
>>
> -- 
> [Bugzilla Logo] 	
> *Dave Miller*
> Project Leader
> *Bugzilla Project*
> https://bugzilla.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bugzilla.org/pipermail/support-list/attachments/20230120/6440cab5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: favicon.png
Type: image/png
Size: 6652 bytes
Desc: not available
URL: <http://lists.bugzilla.org/pipermail/support-list/attachments/20230120/6440cab5/attachment-0001.png>

More information about the support-list mailing list