Red Hat Bugzilla – Bug 976272
[RFE] openstack-horizon: no session timeout in horizon
Last modified: 2018-02-08 05:05:25 EST
Description of problem:
no session timeout in horizon, browser was opened for day (when I disconnected from network during that time).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. login to horizon
2. leave browser opened for 24 hours
3. open new tab
session log-out in case of no activity after 30 minutes.
thank you for this report.
However, we're using session cookies, which expire at the end of the session, and not using time based cookies.
From django docs:
If SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies – cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser. As far as I understand it. they're mutually exclusive with persistent cookies, which can have a time-out;
Persistent cookies will be stored on clients computer whereas session cookies stay in memory.
The feature is implemented in Havana-2.
How to test:
in the settings file, e.g in /etc/openstack-dashboard/local_settings define
SESSION_TIMEOUT=1800 (in secs), wait 1800 secs and do a next action in the browser window.
What you should see is a redirect/immediate logout.
*** Bug 983097 has been marked as a duplicate of this bug. ***
Verified NVR: python-django-horizon-2013.2-5.el6ost.noarch
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.