Required session timeout on inactivity.

David Miller justdave at bugzilla.org
Fri Jan 20 06:26:13 UTC 2023


I filed this in https://bugzilla.mozilla.org/show_bug.cgi?id=1811423

On 1/20/23 12:05 AM, Sandeep Athiyarath wrote:
>
> Thank you David Miller for this input.
>
> Yes. I agree with you that this should be configurable by the admin.
> Probably there can be an override from the user if the admin allows this,
> which will help for non-corporate installations.
>
> Willing to do the testing and documentation, if any, for this.
>
> Please let me know.
>
> Thanks
>
> Sandeep
>
> On 19/01/23 18:59, David Miller wrote:
>>
>> This is set in Bugzilla/Constants.pm
>>
>> # How many days a logincookie will remain valid if not used.
>> use constant MAX_LOGINCOOKIE_AGE => 30;
>>
>> Note that it's measured in days and not minutes though.
>>
>> The code that handles it is in Bugzilla/Auth/Persist/Cookie.pm around 
>> line 55 or so:
>>
>>   # Issuing a new cookie is a good time to clean up the old
>>   # cookies.
>>   $dbh->do("DELETE FROM logincookies WHERE lastused < "
>>       . $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-',
>>                             MAX_LOGINCOOKIE_AGE, 'DAY'));
>>
>> So you could update it there. Without a patch to upstream you'll need 
>> to modify changes to either of those every time you upgrade though.
>>
>> This seems like a logical feature request; this probably ought to be 
>> in params instead of a hard-coded constant, and allow shorter time 
>> periods than a day (I know a lot of business apps I've used like to 
>> log you out after a half hour, etc).
>>
>> On 1/19/23 5:58 AM, Sandeep Athiyarath wrote:
>>>
>>> Hi Team,
>>>
>>> I am using the latest Bugzilla version 5.0.6.
>>>
>>> Our security team came back and asked to enable session timeout on
>>> inactivity, say 15 min.
>>>
>>> I went through the admin settings and parameters. I wasn't able to
>>> find any option.
>>>
>>> If Bugzilla does not have the option (looks like it), can I enable
>>> this at the web server level? I am using Apache2.
>>>
>>> Thanks
>>>
>>> Sandeep
>>>
>> -- 
>> *Dave Miller*
>> Project Leader
>> *Bugzilla Project*
>> https://bugzilla.org/
>>
>
-- 
*Dave Miller*
Project Leader
*Bugzilla Project*
https://bugzilla.org/
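
A minimal model of the inactivity timeout requested in this thread, added here as an example; it is not Bugzilla's code and not part of any message above. It borrows the `logincookies` and `lastused` names from the quoted snippet; the schema, function names, the minutes-based `IDLE_TIMEOUT_MINUTES` setting and the sample cookie values are assumptions made for illustration.

```python
import sqlite3

IDLE_TIMEOUT_MINUTES = 15  # hypothetical setting; the thread's request was "say 15 min"

def open_store():
    """In-memory stand-in for a logincookies table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logincookies (cookie TEXT PRIMARY KEY,"
               " userid INTEGER NOT NULL, lastused INTEGER NOT NULL)")
    return db

def purge_idle(db, now, idle_minutes=IDLE_TIMEOUT_MINUTES):
    """Housekeeping only: delete rows idle past the limit, return the count."""
    cutoff = now - idle_minutes * 60
    return db.execute("DELETE FROM logincookies WHERE lastused < ?",
                      (cutoff,)).rowcount

def issue_cookie(db, cookie, userid, now):
    """Store a new session and sweep rows that have been idle too long."""
    purge_idle(db, now)
    db.execute("INSERT INTO logincookies VALUES (?, ?, ?)", (cookie, userid, now))

def validate_cookie(db, cookie, now, idle_minutes=IDLE_TIMEOUT_MINUTES):
    """Return the userid for a live session, or None.

    The idle check runs on every request, so the timeout holds even if
    no cleanup has run since the session went idle.
    """
    row = db.execute("SELECT userid, lastused FROM logincookies WHERE cookie = ?",
                     (cookie,)).fetchone()
    if row is None:
        return None
    userid, lastused = row
    if now - lastused > idle_minutes * 60:
        # Expired: remove it server-side so the token cannot be replayed later.
        db.execute("DELETE FROM logincookies WHERE cookie = ?", (cookie,))
        return None
    # Sliding window: activity resets the idle clock.
    db.execute("UPDATE logincookies SET lastused = ? WHERE cookie = ?",
               (now, cookie))
    return userid
```

Timestamps are epoch seconds passed in by the caller, which keeps the sub-day comparison exact and makes the expiry logic testable without waiting.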