View Issue Details

IDProjectCategoryView StatusLast Update
0014890mantisbtauthenticationpublic2012-11-16 17:28
Reporterrambabu_mantis Assigned Todregad  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionno change required 
Summary0014890: Session Timeout Issue
Description

Hi I am using the mantis from long time but seen a strange issue that session time out does not work in mantis..If the system is IDLE for some time automatically application should logout, but it is not working in mantis. I suspect this because of frequent automatic refresh. Can anybody provide the solution for the same

TagsNo tags attached.

Activities

dregad

dregad

2012-10-31 07:06

developer   ~0033379

If the system is IDLE for some time automatically application should logout, but it is not working in mantis

There is no such thing as an automatic logout feature.

Maybe you are confusing with $g_reauthentication (for admin areas) or the $g_allow_permanent_cookie / $g_cookie_time_length ?

rambabu_mantis

rambabu_mantis

2012-10-31 07:22

reporter   ~0033381

Hi dregad

Thank you very much for your quick response. Actually in any web application if the user is IDLE for some time it will be redirected to logout page and in php with session.gc_maxlifetime value. But in mantis i can stay login forever which never logout until user clicks it manually. I feel this is because of refresh delay. Can you suggest me how to solve this issue

dregad

dregad

2012-10-31 07:30

developer   ~0033382

As I said, this feature is not implemented in Mantis.

session.gc_maxlifetime controls the PHP session, which may prevent you from submitting form data in Mantis, that's all I can think of.

rambabu_mantis

rambabu_mantis

2012-10-31 07:41

reporter   ~0033384

Can i assume if i login to the mantis application i can't logout from it until i click the logout link in mantis though it is 2 days from login.....

Thanks for your reply in advance

dregad

dregad

2012-11-01 06:13

developer   ~0033394

Out of the box, Mantis allows 2 types of behavior

  1. with permanent cookie ($g_allow_permanent_cookie = ON), users can tick the 'remember me' box on the login page; if they do, their authentication will be valid for the duration defined in $g_cookie_time_length, after that time at the next Mantis page load, the user will have to login again.

  2. with the alternative ($g_allow_permanent_cookie = OFF) or if the 'remember me' box is not checked, the user is authenticated until the browser is closed.

This is controlled by the so-called "string cookie".

You could try to customize this by setting the cookie's validity to a fixed period of your choice in authentication_api.php, function auth_set_cookies, replace 'false' in call to gpc_set_cookie by 'time() + xxx seconds', but keep in mind that this expiration time is not extended based on user activity.