View Issue Details

IDProjectCategoryView StatusLast Update
0001457bugs.cacert.orgmiscpublic2019-02-25 22:07
ReporterTed Assigned Toegal  
Status newResolutionopen 
Summary0001457: Please increase session timeout on
DescriptionHi, could the session timeout on be increased? It looks like it is currently something around 15 or maybe 30 minutes.

It is very frustrating when I try to write a comment, looking up some things to make sure I don't tell bullshit, just to have to start all over again because of a session timeout message.

I'd ask for an absolute minimum of 1 hour for the timeout, but preferable it should be 4 or even 8 hours.
TagsNo tags attached.



2019-01-27 15:52

administrator   ~0005756

Hello Dirk, I do not know Mantis well enough to help here. Do you know how to increase the session timeout?


2019-01-30 07:58

developer   ~0005759

This is an annoyance indeed. What happens to me fairly often is that I open a particular bug page in my browser, leave it there for a couple of hours while looking into the actual problem (and possibly get distracted by other stuff), then return to the open page and add a comment -- which fails due to the timeout, and all data entered is lost :-(
Even with a much longer timeout one might run into this trap, the safest solution is to refresh the page in the browser before entering new data. But it's easy to forget ...


2019-02-01 15:38

administrator   ~0005762

I just changed the timeout-variable for mantis from 5 minutes to 30 minutes. Please verify, if the timeout is now extended ... we should then find a consens between security and comfortability ...


2019-02-14 22:26

administrator   ~0005773

Test, last action was 22:50


2019-02-25 22:07

administrator   ~0005779

I just found out that the default refresh time seems to be set to 30 minutes. So, maybe setting the timeout to 35 minutes will prevent most of the incomfortabilities? At least I just set my refresh timeout to 10 minutes, so I should already be on the safe side... :-)

BTW, what is the attack scenario which is prevented by a short timeout? It's hard to judge "security" without knowing what may happen...

Issue History

Date Modified Username Field Change
2019-01-27 14:46 Ted New Issue
2019-01-27 14:46 Ted Assigned To => jandd
2019-01-27 15:52 jandd Note Added: 0005756
2019-01-27 15:52 jandd Assigned To jandd => egal
2019-01-30 07:58 wytze Note Added: 0005759
2019-02-01 15:38 egal Note Added: 0005762
2019-02-14 22:26 Ted Note Added: 0005773
2019-02-25 22:07 Ted Note Added: 0005779