[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface

bugzilla-daemon at bugs.koha-community.org
Thu May 4 04:37:08 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428

--- Comment #19 from David Cook <dcook at prosentient.com.au> ---
(In reply to Katrin Fischer from comment #18)
> But how do we know if it's an OPAC or a staff side cookie? Maybe naming the
> cookies differently and by that allowing to really have separate sessions
> independent of setup would be better. 

Yes, that's what I was thinking. We'd replace CGISESSID with KOHA_OPAC_SESSID
and KOHA_STAFF_SESSID or something like that, and then depending on where the
auth is being initiated the appropriate cookie name would be looked up. (That
said, I think that might get complicated with the API...so something to
investigate further.)

> One reason to use ports is to block access to the staff interface in a
> firewall. It's a valid configuration option.

You mean using access control lists in a firewall? That's true. I suppose that
using different ports would be the only way to do it with that setup. 

I often suggest restricting by IP address at the HTTP/application layer, since
it's easy to do on a per-host basis, but there are certainly advantages to
restricting access at lower OSI layers. 

It's good to know that there are other folk out there restricting access to
their staff interface.
