[Kimchi-devel] [PATCH V3 1/4] add timeout for sessions
Royce Lv
lvroyce at linux.vnet.ibm.com
Thu Mar 6 05:03:12 UTC 2014
Reviewed-by: Royce Lv<lvroyce at linux.vnet.ibm.com>
On 2014年03月06日 07:44, shaohef at linux.vnet.ibm.com wrote:
> From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
>
> The default timeout of sessions is 60 minutes.
>
> Set the timeout of sessions 10 minutes explicitly.
>
> Kimchi should have 10 minutes of time out value for the browser login
> session.
> If session got inactive for 10 minutes then it should expire
> automatically.
> And should ask user for relogin. This is required for the security
> reason.
>
> But this timeout will not take effect on some tabs, such as guest tab.
> The root cause is because the front end refreshes the vm list every 5
> seconds
> by sending the "GET /vms" REST API call to the server.
>
> The follow patch will solve this problem.
>
> Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
> ---
> src/kimchi/config.py.in | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
> index d73a8f4..426fbd1 100644
> --- a/src/kimchi/config.py.in
> +++ b/src/kimchi/config.py.in
> @@ -150,6 +150,9 @@ class UIConfig(dict):
>
>
> class KimchiConfig(dict):
> + # session time out is 10 minutes
> + SESSIONSTIMEOUT = 10
> +
> kimchi_config = {
> '/': {'tools.trailing_slash.on': False,
> 'request.methods_with_bodies': ('POST', 'PUT'),
> @@ -159,6 +162,7 @@ class KimchiConfig(dict):
> 'tools.sessions.httponly': True,
> 'tools.sessions.locking': 'explicit',
> 'tools.sessions.storage_type': 'ram',
> + 'tools.sessions.timeout': SESSIONSTIMEOUT,
> 'tools.kimchiauth.on': False},
> '/data/screenshots': {
> 'tools.staticdir.on': True,
More information about the Kimchi-devel
mailing list