Topic: Server manager time-out?

[guest22]

Is there a (new) time out in server manager? I experience a time out where I am redirected to the login page of Server Manager.

[Jean-Philippe Pialasse]

there have been a 5 min timeout since the implementation of TKTAuth, except it was broken (not declared at the right place) TKTAuth is pretty complicated as you have to declare variables in apache conf file, tkt conf file and the login page, and some only work at one place.

it will reset the counter everytime you reload the page, if the counter is at least half done. Which is the default behaviour but could be adjusted, to never reset or to reset whatever is its status.


Some will find 5 min is already too long to be secure. To my experience I would say that the 5 min could be a little too short for some people, if you feel the same, you can feel a NFR to be able to change the default timeout value.

[guest22]

So IS it broken or WAS it broken? Against what package should I file a NFR pls?

[Jean-Philippe Pialasse]

So IS it broken or WAS it broken? Against what package should I file a NFR pls?

it was broken. the count down was not occurring. Fixed it while fixed the https redirection.

the correct package for NFR is e-smith-manager as templates are in it.

[guest22]

Shouldn't this be documented somehow?

[Jean-Philippe Pialasse]

Shouldn't this be documented somehow?

if we start adding a property to modify it, sure !

otherwise, it is basic security standard to avoid to leave a connection to an interface to manage a whole server to run forever.

[guest22]

Any chenge should be documented. TKauth changes are no where mentioned.

[CharlieBrady]

Shouldn't this be documented somehow?

Yes, both the problem and the fix should have been recorded in the bug tracker, and in a changelog entry in the affected package.

[Stefano]

JPP, can you post here the bug reference about https redirection you mentioned before?
thank you

[Jean-Philippe Pialasse]

all documented here:
https://bugs.contribs.org/show_bug.cgi?id=8825


the change has been referenced in the changelog as "- update syntaxe for TKT Auth" for the wrongly used old syntax at the wrong spot  replaced by new syntax corresponding to the version we use.

[Jean-Philippe Pialasse]

for your information, I am planning to work on this, if you have suggestions

https://bugs.contribs.org/show_bug.cgi?id=9921