Closed Bug 670024 Opened 13 years ago Closed 13 years ago

Change the login to SUMO to never expire

Categories

(support.mozilla.org :: Knowledge Base Software, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
2011-07-19

People

(Reporter: cbeasley, Assigned: erik)

Details

Since we're not storing any credit card numbers, set the login to never expire.
Sounds great to me. Can anybody think of a reason not to?
Go for it!
My personal opinion of course.
Assignee: nobody → erik
Target Milestone: --- → 2011-07-19
It would be nice if access to the admin would require you to enter your password again, especially for superusers. It's the only part of the site where damage could be potentially done (getting access to pretty much the entire database + worst case of 24 hours of lost data). Although, hopefully all admins have their computers locked down.
(In reply to comment #4)
> It would be nice if access to the admin would require you to enter your
> password again, especially for superusers. It's the only part of the site
> where damage could be potentially done (getting access to pretty much the
> entire database + worst case of 24 hours of lost data). Although, hopefully
> all admins have their computers locked down.

If you can find a way to do that, maybe as part of AdminPlus, I'd love to see it. I don't know of any way to enforce that in Django, or any concept of "re-authenticating" an authenticated session.
We could set the default session timeout to unlimited, and then perhaps write some kind of middleware that checks if the user's an admin, and if it is, use request.session.set_expiry() to update their session to have a shorter timeout? Hooray for Google searches.

I don't know how much overhead that may add though.
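
The middleware idea from the comment above, as an added example that is not part of the bug thread and not Kitsune's code: it calls request.session.set_expiry() only for staff and superusers, and only when the lifetime is not already the short one, which limits the extra session writes. The class name, ADMIN_SESSION_AGE, the 30-minute value and FakeSession are assumptions; the stand-in objects are constructed so the sketch runs without Django installed.

```python
from types import SimpleNamespace

# Added example, not Kitsune's code; names and the 30-minute value are assumptions.
ADMIN_SESSION_AGE = 30 * 60  # seconds


class AdminSessionExpiryMiddleware:
    """Give staff and superusers a shorter session lifetime than other users.

    List it after AuthenticationMiddleware so request.user is populated.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        user = getattr(request, "user", None)
        privileged = bool(user and user.is_authenticated
                          and (user.is_staff or user.is_superuser))
        # set_expiry() marks the session modified, which forces a save, so
        # skip it when the session already carries the short lifetime.
        if privileged and request.session.get_expiry_age() != ADMIN_SESSION_AGE:
            request.session.set_expiry(ADMIN_SESSION_AGE)
        return self.get_response(request)


class FakeSession:
    """Constructed stand-in exposing the two session methods used above."""

    def __init__(self, default_age):
        self.age, self.saves = default_age, 0

    def get_expiry_age(self):
        return self.age

    def set_expiry(self, value):
        self.age, self.saves = value, self.saves + 1


def demo():
    month = 30 * 24 * 3600  # constructed site-wide default lifetime
    mw = AdminSessionExpiryMiddleware(lambda request: "response")

    def req(**flags):
        user = SimpleNamespace(is_authenticated=True, is_staff=False, is_superuser=False)
        user.__dict__.update(flags)
        return SimpleNamespace(user=user, session=FakeSession(month))

    admin, member = req(is_superuser=True), req()
    for r in (admin, admin, member):  # the admin makes two requests
        mw(r)
    return admin.session.age, admin.session.saves, member.session.age
```

This shortens how long an admin session lives; it does not prompt for the password again.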
Let's leave that for a follow up and just turn off SESSION_EXPIRE_AT_BROWSER_CLOSE and set SESSION_COOKIE_AGE to a month or so. (If we leave it too high, the database will fill up with abandoned sessions.)
Amen.
master: http://github.com/jsocol/kitsune/commit/6a9e46ce1c2f9328b45049210f56c5cc31b256f0
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Verified login persists - nice change!
Status: RESOLVED → VERIFIED