Change the login to SUMO to never expire

VERIFIED FIXED in 2011-07-19

Status

support.mozilla.org
Knowledge Base Software
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: skinny, Assigned: erik)

Tracking

unspecified
2011-07-19

Firefox Tracking Flags

(Not tracked)

Details

Since we're not storing any credit card numbers, set the login to never expire.
(Assignee)

Comment 1

7 years ago
Sounds great to me. Can anybody think of a reason not to?
Go for it!
My personal opinion of course.
(Assignee)

Updated

7 years ago
Assignee: nobody → erik
Target Milestone: --- → 2011-07-19
It would be nice if access to the admin would require you to enter your password again, especially for superusers. It's the only part of the site where damage could be potentially done (getting access to pretty much the entire database + worst case of 24 hours of lost data). Although, hopefully all admins have their computers locked down.
(In reply to comment #4)
> It would be nice if access to the admin would require you to enter your
> password again, especially for superusers. It's the only part of the site
> where damage could be potentially done (getting access to pretty much the
> entire database + worst case of 24 hours of lost data). Although, hopefully
> all admins have their computers locked down.

If you can find a way to do that, maybe as part of AdminPlus, I'd love to see it. I don't know of any way to enforce that in Django, or any concept of "re-authenticating" an authenticated session.
We could set the default session timeout to unlimited, and then perhaps write some kind of middleware that checks if the user's an admin, and if it is, use request.session.set_expiry() to update their session to have a shorter timeout? Hooray for Google searches.

I don't know how much overhead that may add though.
Let's leave that for a follow up and just turn off SESSION_EXPIRE_AT_BROWSER_CLOSE and set SESSION_COOKIE_AGE to a month or so. (If we leave it too high, the database will fill up with abandoned sessions.)
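
The two ideas from the comments above (a month-long default session, plus middleware that shortens it for admins with request.session.set_expiry()) sketched as an added example; it is not part of this bug thread or kitsune's code. It assumes current Django's callable middleware style; ADMIN_SESSION_AGE, the class name and the stand-in objects are hypothetical and constructed for the demo.

```python
from types import SimpleNamespace

# Added example, not kitsune's code. The two SESSION_* names are Django settings.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # settings.py: survive browser restarts
SESSION_COOKIE_AGE = 60 * 60 * 24 * 30    # settings.py: "a month or so", in seconds
ADMIN_SESSION_AGE = 60 * 60               # assumed value: 1 hour for staff/superusers


class ShortAdminSessionMiddleware:
    """List after AuthenticationMiddleware so request.user is populated."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        user = getattr(request, "user", None)
        is_admin = bool(user and (user.is_staff or user.is_superuser))
        # Only touch the session while its lifetime is still the long default.
        # set_expiry() marks the session modified, so calling it on every
        # request would force a session-store write per request (the
        # overhead concern raised in the thread).
        if is_admin and request.session.get_expiry_age() > ADMIN_SESSION_AGE:
            request.session.set_expiry(ADMIN_SESSION_AGE)
        return self.get_response(request)


# --- Constructed stand-in so the logic runs without a Django project ---
class FakeSession:
    def __init__(self):
        self.expiry, self.writes = None, 0

    def get_expiry_age(self):
        return SESSION_COOKIE_AGE if self.expiry is None else self.expiry

    def set_expiry(self, value):
        self.expiry, self.writes = value, self.writes + 1


def simulate(staff=False, superuser=False, hits=3):
    """Send `hits` requests on one session; return (expiry age, session writes)."""
    user = SimpleNamespace(is_staff=staff, is_superuser=superuser)
    request = SimpleNamespace(user=user, session=FakeSession())
    middleware = ShortAdminSessionMiddleware(lambda r: "response")
    for _ in range(hits):
        middleware(request)
    return request.session.get_expiry_age(), request.session.writes
```

Django measures an integer expiry from the last time the session was modified, not from the last read, so this caps an admin session at ADMIN_SESSION_AGE after its last write; it shortens the session but does not re-prompt for a password.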
(Assignee)

Comment 8

7 years ago
Amen.
(Assignee)

Comment 9

7 years ago
master: http://github.com/jsocol/kitsune/commit/6a9e46ce1c2f9328b45049210f56c5cc31b256f0
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Verified login persists - nice change!
Status: RESOLVED → VERIFIED