[Kimchi-devel] [PATCH V3 1/3] add timeout for sessions

[shaohef at linux.vnet.ibm.com]

From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

The default timeout of sessions is 60 minutes.

Set the timeout of sessions 10 minutes explicitly.

Kimchi should have 10 minutes of time out value for the browser login
session.
If session got inactive for 10 minutes then it should expire
automatically.
And should ask user for relogin. This is required for the security
reason.

But this timeout will not take effect on some tabs, such as guest tab.
The root cause is because the front end refreshes the vm list every 5
seconds
by sending the "GET /vms" REST API call to the server.

The follow patch will solve this problem.

Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
---
 src/kimchi/config.py.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index d73a8f4..426fbd1 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -150,6 +150,9 @@ class UIConfig(dict):
 
 
 class KimchiConfig(dict):
+    # session time out is 10 minutes
+    SESSIONSTIMEOUT = 10
+
     kimchi_config = {
         '/': {'tools.trailing_slash.on': False,
               'request.methods_with_bodies': ('POST', 'PUT'),
@@ -159,6 +162,7 @@ class KimchiConfig(dict):
               'tools.sessions.httponly': True,
               'tools.sessions.locking': 'explicit',
               'tools.sessions.storage_type': 'ram',
+              'tools.sessions.timeout': SESSIONSTIMEOUT,
               'tools.kimchiauth.on': False},
         '/data/screenshots': {
             'tools.staticdir.on': True,
-- 
1.8.4.2