inactive sessions should expire faster (a week?)

RESOLVED FIXED

Status

()

RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: dveditz, Assigned: glob)

Tracking

Production

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
I was exploring the new sessions tab on the bugzilla userprefs page and found some really old sessions from my home IP address. I assume these were from fresh browser profiles I create when testing bugs against various old branches. The oldest of them hadn't logged in since July 30, nearly a month ago. That's excessive for an inactive session. If someone hasn't used their session for a week (or two, max) we should make them log in again.

Heck, I use two different web mail providers that make me log in once a week even when I'm using their site daily.
(Assignee)

Updated

3 years ago
Component: Administration → General
(Assignee)

Comment 1

3 years ago
Created attachment 8654734 [details] [diff] [review]
1199941_1.patch

this sounds reasonable.

the only place where i think this may cause issues is api clients logging in to get a token and assuming that it will be valid for 30 days.  they could either detect the expired token, or switch to api-keys.
Assignee: nobody → glob
Status: NEW → ASSIGNED
Attachment #8654734 - Flags: review?(dkl)
Comment on attachment 8654734 [details] [diff] [review]
1199941_1.patch

Review of attachment 8654734 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8654734 - Flags: review?(dkl) → review+
(Assignee)

Comment 3

3 years ago
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   8a5c7c7..91eac6e  master -> master
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.