Bug 976272
Summary: | [RFE] openstack-horizon: no session timeout in horizon | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Haim <hateya> |
Component: | python-django-horizon | Assignee: | Matthias Runge <mrunge> |
Status: | CLOSED ERRATA | QA Contact: | Nir Magnezi <nmagnezi> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | ajeain, aortega, dron, jkt, jpichon, mlopes, mrunge, sgordon, yeylon |
Target Milestone: | Upstream M2 | Keywords: | FutureFeature, Triaged |
Target Release: | 4.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | python-django-horizon-2013.2-0.4.1b2.el6ost | Doc Type: | Enhancement |
Doc Text: |
With this update, Dashboard users are automatically logged out of a period of inactivity. This period is set to 30 minutes by default.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-12-20 00:07:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 975499 |
Description
Haim
2013-06-20 09:16:25 UTC
thank you for this report. However, we're using session cookies, which expire at the end of the session, and not using time based cookies. From django docs: If SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies – cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser. As far as I understand it. they're mutually exclusive with persistent cookies, which can have a time-out; Persistent cookies will be stored on clients computer whereas session cookies stay in memory. The feature is implemented in Havana-2. How to test: in the settings file, e.g in /etc/openstack-dashboard/local_settings define SESSION_TIMEOUT=1800 (in secs), wait 1800 secs and do a next action in the browser window. What you should see is a redirect/immediate logout. *** Bug 983097 has been marked as a duplicate of this bug. *** Verified NVR: python-django-horizon-2013.2-5.el6ost.noarch Tested OK. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html |