Closed Bug 1199941 Opened 9 years ago Closed 9 years ago

inactive sessions should expire faster (a week?)

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dveditz, Assigned: glob)

Details

Attachments

(1 file)

1199941_1.patch
616 bytes, patch
dkl
: review+
Details | Diff | Splinter Review 
I was exploring the new sessions tab on the bugzilla userprefs page and found some really old sessions from my home IP address. I assume these were from fresh browser profiles I create when testing bugs against various old branches. The oldest of them hadn't logged in since July 30, nearly a month ago. That's excessive for an inactive session. If someone hasn't used their session for a week (or two, max) we should make them log in again.

Heck, I use two different web mail providers that make me log in once a week even when I'm using their site daily.
Component: Administration → General
Attached patch 1199941_1.patchSplinter Review 
this sounds reasonable.

the only place where i think this may cause issues is api clients logging in to get a token and assuming that it will be valid for 30 days.  they could either detect the expired token, or switch to api-keys.
Assignee: nobody → glob
Status: NEW → ASSIGNED
Attachment #8654734 - Flags: review?(dkl)
Comment on attachment 8654734 [details] [diff] [review]
1199941_1.patch

Review of attachment 8654734 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8654734 - Flags: review?(dkl) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   8a5c7c7..91eac6e  master -> master
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: