[Koha-bugs] [Bug 17187] New: Lower the timeout preference from 139 days to 1 day

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Aug 24 13:16:06 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17187

            Bug ID: 17187
           Summary: Lower the timeout preference from 139 days to 1 day
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: System Administration
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: m.de.rooy at rijksmuseum.nl
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com

>From sysprefs.sql:  ('timeout','12000000',NULL,'Inactivity timeout for cookies
authentication (in seconds)','Integer'),
>From C4/Auth.pm:  my $timeout = C4::Context->preference('timeout') || 600;
Some googling results: 
The default in PHP is 1440 seconds (24 minutes).
30 minutes (=1800 secs) is the default expiration time of a cookie.

This patch proposes to lower 12 million to 1d (one day). The perfect balance
between usability and security??
Also note that we are talking about a session cookie. So end of session always
means end of game.

Who offers less ?
And what about changing current values? [Starting with: If it is null or the 12
million secs, change it.]

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.


More information about the Koha-bugs mailing list