View Issue Details

IDProjectCategoryView StatusLast Update
0011693mantisbtadministrationpublic2017-09-10 06:33
ReporterErwan BODERE Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionno change required 
Product Version1.1.8 
Summary0011693: Timeout : lost of project configuration
Description

In mantis 1.1.8, there is a short timeout in the administration section. When a administrator take some minutes to configure his project, he is redirected to an authentification page.

When the administrator re-login, go back to the workflow page and submit changes, all the configuration is lost. There are no checkbox or option button checked !

1 - How can i increase the administration section timeout ?
2 - Could you reproduce this bug ?

TagsNo tags attached.

Relationships

related to 0011680 closeddhx Mantis APPLICATION ERROR #2800 for Mantis 1.2.0 
related to 0011837 closeddhx Error #2800 on trying to submit an issue 
related to 0012015 closeddhx Error message that the form has been sent twice 
has duplicate 0010484 closeddhx Changes after admin timeout cause destruction! 
related to 0023326 closedatrol preventing data loss 

Activities

Erwan BODERE

Erwan BODERE

2010-05-10 08:22

reporter   ~0025447

Have you any ideas ?

dhx

dhx

2010-05-10 12:48

reporter   ~0025453

This is a complex security issue to do with CSRF/ClickJacking prevention as well as the inability for browsers to reliably remember form data when navigating with the 'back' button.

You can increase the timeout by setting this configuration option in config_inc.php:

$g_reauthentication_expiry = 5 * 60;

By default the expiry is 5 * 60 seconds = 5 minutes.

You may also need to consider 0011837

Erwan BODERE

Erwan BODERE

2010-06-14 06:57

reporter   ~0025841

This do not resolve the problem.
I must always re-authenticate after a short time.

Here is my configuration :
$g_reauthentication = OFF; //=disable reauthentication
$g_reauthentication_expiry = 1440 * 60; //=1day

Have you any patch to solve the lost of configuration ?

Best regards

udobes2

udobes2

2010-06-20 17:35

reporter   ~0025932

I've still the same problem and reported it in 12015.

My problem with that feature are caused by the complex infrastrukture. With loadbalancers and several servers you can't relay on a ever lasting session life time. So each time the session changes my inputs are lost. It's very annoying.

I think it would be good if there would be a possibility to turn that feature off.

Udo

dhx

dhx

2010-07-13 17:45

reporter   ~0026072

@udobes2: if you're using load balanced servers for running MantisBT, you should setup a distributed PHP session store across all servers. See http://stackoverflow.com/questions/994935/php-sessions-in-a-load-balancing-cluster-how

I suggest looking into using something like memcached for storing PHP sessions.