      request #9448 User's session lifetime is only verified once each 24 hours
    Infos
    #9448
    Thomas Gerbet (tgerbet)
    2016-12-01 15:54
    2016-09-06 17:29
    9723
    Details
    User's session lifetime is only verified once each 24 hours

    The session_hash token is only verified once each 24 hours. We should respect the same granularity as what is available in the config file.

    Authentication & LDAP
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2016-12-01
    Attachments
    Empty
    References

    Follow-ups

    Joris MASSON (jmasson) 2016-12-01 15:54
    Integrated in Tuleap 9.1.99.67

    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2016-12-01
    Thomas Gerbet (tgerbet) 2016-09-08 11:47
    I publicly disclose the issue. Sessions older than the lifetime indicated in the parameter sys_session_lifetime are removed once each 24 hours.

    I however keep the issue: the parameter sys_session_lifetime gives a granularity to the second, but at best we can ensure a granularity of 1 day. One day is a bit too much; some environments can need an absolute timeout shorter than one day to pass some certification requirements.

    • Summary
      -User's session lifetime is not enforced serverside 
      +User's session lifetime is only verified once each 24 hours 
    • Original Submission
    Thomas Gerbet (tgerbet) 2016-09-06 17:31
    • Original Submission
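
The gap described in the follow-ups above, as an added example that is not Tuleap's code: a toy session store comparing expiry enforced only by a 24-hour cleanup with an age check on every request. The class, the method names and the 10-minute request interval are assumptions; `lifetime` stands in for sys_session_lifetime.

```python
# Added illustration: a toy model of the behaviour in the ticket, not Tuleap code.
from dataclasses import dataclass, field

DAY = 24 * 3600

@dataclass
class SessionStore:
    lifetime: int                  # stands in for sys_session_lifetime (seconds)
    purge_interval: int = DAY      # period of the cleanup described in the ticket
    sessions: dict = field(default_factory=dict)  # token -> creation time
    last_purge: int = 0

    def create(self, token, now):
        self.sessions[token] = now

    def purge_if_due(self, now):
        """Periodic cleanup: drop sessions older than the lifetime."""
        if now - self.last_purge >= self.purge_interval:
            self.sessions = {t: c for t, c in self.sessions.items()
                             if now - c <= self.lifetime}
            self.last_purge = now

    def valid_purge_only(self, token, now):
        """Reported behaviour: a session is accepted while its row exists."""
        self.purge_if_due(now)
        return token in self.sessions

    def valid_checked(self, token, now):
        """Per-request check: compare the session age with the lifetime."""
        created = self.sessions.get(token)
        if created is None or now - created > self.lifetime:
            self.sessions.pop(token, None)  # expire immediately
            return False
        return True

def last_accepted_age(validator_name, lifetime, step=600):
    """Age (seconds) at which a session polled every `step` seconds is last accepted."""
    store = SessionStore(lifetime=lifetime)
    created = 1                    # constructed case: created just after a purge
    store.create("tok", created)
    validate = getattr(store, validator_name)
    age = 0
    while validate("tok", created + age + step):
        age += step
    return age

if __name__ == "__main__":
    for name in ("valid_purge_only", "valid_checked"):
        print(name, last_accepted_age(name, lifetime=3600))
```

With a one-hour lifetime, the purge-only model still accepts the session at an age of 85800 seconds, while the per-request check stops at 3600.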