View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014890 | mantisbt | authentication | public | 2012-10-31 06:14 | 2012-11-16 17:28 |
Reporter | rambabu_mantis | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | no change required | ||
Summary | 0014890: Session Timeout Issue | ||||
Description | Hi I am using the mantis from long time but seen a strange issue that session time out does not work in mantis..If the system is IDLE for some time automatically application should logout, but it is not working in mantis. I suspect this because of frequent automatic refresh. Can anybody provide the solution for the same | ||||
Tags | No tags attached. | ||||
There is no such thing as an automatic logout feature. Maybe you are confusing with $g_reauthentication (for admin areas) or the $g_allow_permanent_cookie / $g_cookie_time_length ? |
|
Hi dregad Thank you very much for your quick response. Actually in any web application if the user is IDLE for some time it will be redirected to logout page and in php with session.gc_maxlifetime value. But in mantis i can stay login forever which never logout until user clicks it manually. I feel this is because of refresh delay. Can you suggest me how to solve this issue |
|
As I said, this feature is not implemented in Mantis. session.gc_maxlifetime controls the PHP session, which may prevent you from submitting form data in Mantis, that's all I can think of. |
|
Can i assume if i login to the mantis application i can't logout from it until i click the logout link in mantis though it is 2 days from login..... Thanks for your reply in advance |
|
Out of the box, Mantis allows 2 types of behavior
This is controlled by the so-called "string cookie". You could try to customize this by setting the cookie's validity to a fixed period of your choice in authentication_api.php, function auth_set_cookies, replace 'false' in call to gpc_set_cookie by 'time() + xxx seconds', but keep in mind that this expiration time is not extended based on user activity. |
|