Open
Bug 1196621
Opened 10 years ago
Updated 7 years ago
add option for groups membership to force a maximum session time
Categories
(bugzilla.mozilla.org :: General, enhancement, P2)
Tracking
()
NEW
People
(Reporter: glob, Unassigned)
References
(Blocks 1 open bug)
Details
if you load bugzilla every day then your session will never timeout. security groups will benefit from setting a maximum lifetime on sessions to force periodic reauthentication.
- add an optional "max_session_duration" int field to groups (days, 0 to disable)
- add "start_ts" (or similar) to logincookies
- set start_ts to the current timestamp when inserting into logincookies
- this setting applies to all group members, direct and inherited
- if a user has session limits applied add a row to edituser which shows the applicable group and duration
- create a nightly triggered script which:
- find matching sessions given the lowest matching max_session_duration
- delete logincookies rows
- write an [audit] entry
|
||
Updated•10 years ago
|
Assignee: nobody → dylan
|
|
||
Updated•9 years ago
|
Priority: P3 → P2
|
|
||
Comment 1•9 years ago
|
||
Freeing this up as it is something that someone else could work on.
Assignee: dylan → nobody
|
||
Updated•7 years ago
|
Type: defect → enhancement
You need to log in
before you can comment on or make changes to this bug.
Description
•