https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17187 Bug ID: 17187 Summary: Lower the timeout preference from 139 days to 1 day Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: System Administration Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com
From sysprefs.sql: ('timeout','12000000',NULL,'Inactivity timeout for cookies authentication (in seconds)','Integer'), From C4/Auth.pm: my $timeout = C4::Context->preference('timeout') || 600; Some googling results: The default in PHP is 1440 seconds (24 minutes). 30 minutes (=1800 secs) is the default expiration time of a cookie.
This patch proposes to lower 12 million to 1d (one day). The perfect balance between usability and security?? Also note that we are talking about a session cookie. So end of session always means end of game. Who offers less ? And what about changing current values? [Starting with: If it is null or the 12 million secs, change it.] -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.