View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011693 | mantisbt | administration | public | 2010-03-22 04:31 | 2017-09-10 06:33 |
Reporter | Erwan BODERE | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Product Version | 1.1.8 | ||||
Summary | 0011693: Timeout : lost of project configuration | ||||
Description | In mantis 1.1.8, there is a short timeout in the administration section. When a administrator take some minutes to configure his project, he is redirected to an authentification page. When the administrator re-login, go back to the workflow page and submit changes, all the configuration is lost. There are no checkbox or option button checked ! 1 - How can i increase the administration section timeout ? | ||||
Tags | No tags attached. | ||||
related to | 0011680 | closed | dhx | Mantis APPLICATION ERROR #2800 for Mantis 1.2.0 |
related to | 0011837 | closed | dhx | Error #2800 on trying to submit an issue |
related to | 0012015 | closed | dhx | Error message that the form has been sent twice |
has duplicate | 0010484 | closed | dhx | Changes after admin timeout cause destruction! |
related to | 0023326 | closed | atrol | preventing data loss |
Have you any ideas ? |
|
This is a complex security issue to do with CSRF/ClickJacking prevention as well as the inability for browsers to reliably remember form data when navigating with the 'back' button. You can increase the timeout by setting this configuration option in config_inc.php: $g_reauthentication_expiry = 5 * 60; By default the expiry is 5 * 60 seconds = 5 minutes. You may also need to consider 0011837 |
|
This do not resolve the problem. Here is my configuration : Have you any patch to solve the lost of configuration ? Best regards |
|
I've still the same problem and reported it in 12015. My problem with that feature are caused by the complex infrastrukture. With loadbalancers and several servers you can't relay on a ever lasting session life time. So each time the session changes my inputs are lost. It's very annoying. I think it would be good if there would be a possibility to turn that feature off. Udo |
|
@udobes2: if you're using load balanced servers for running MantisBT, you should setup a distributed PHP session store across all servers. See http://stackoverflow.com/questions/994935/php-sessions-in-a-load-balancing-cluster-how I suggest looking into using something like memcached for storing PHP sessions. |
|