Description of problem: no session timeout in horizon, browser was opened for day (when I disconnected from network during that time). Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. login to horizon 2. leave browser opened for 24 hours 3. open new tab Actual results: session log-out in case of no activity after 30 minutes. Expected results: Additional info:
thank you for this report. However, we're using session cookies, which expire at the end of the session, and not using time based cookies. From django docs: If SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies – cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser. As far as I understand it. they're mutually exclusive with persistent cookies, which can have a time-out; Persistent cookies will be stored on clients computer whereas session cookies stay in memory.
The feature is implemented in Havana-2. How to test: in the settings file, e.g in /etc/openstack-dashboard/local_settings define SESSION_TIMEOUT=1800 (in secs), wait 1800 secs and do a next action in the browser window. What you should see is a redirect/immediate logout.
*** Bug 983097 has been marked as a duplicate of this bug. ***
Verified NVR: python-django-horizon-2013.2-5.el6ost.noarch Tested OK.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html