[Freeipa-devel] [PATCH 63] Implement session activity timeout
Rob Crittenden
rcritten at redhat.com
Tue Feb 28 04:09:22 UTC 2012
John Dennis wrote:
> Previously sessions expired after session_auth_duration had elapsed
> commencing from the start of the session. We now support a "rolling"
> expiration where the expiration is advanced by session_auth_duration
> every time the session is accessed, this is equivalent to an inactivity
> timeout. The expiration is still constrained by the credential
> expiration in all cases. The session expiration behavior is
> configurable based on the session_auth_duration_type.
>
> * Reduced the default session_auth_duration from 1 hour to 20 minutes.
>
> * Replaced the session write_timestamp with the access_timestamp and
> update the access_timestamp whenever the session data is created,
> retrieved, or written.
>
> * Modify set_session_expiration_time to handle both an inactivity
> timeout and a fixed duration.
>
> * Introduce KerberosSession as a mixin class to share session
> duration functionality with all classes manipulating session data
> with Kerberos auth. This is both the non-RPC login class and the RPC
> classes.
>
> * Update make-lint to handle new classes.
>
> * Added session_auth_duration_type config item.
>
> * Updated default.conf.5 man page for new session_auth_duration_type item.
>
> * Removed these unused config items: mount_xmlserver,
> mount_jsonserver, webui_assets_dir
ACK, pushed to master and ipa-2-2
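
The expiry rule described in the commit message above, as an added sketch that is not FreeIPA's code and not part of the original thread: a fixed-duration session expires a set time after it starts, a rolling one moves its expiry forward on each access, and both are capped by the credential's expiration. The mode strings, the `Session` class and the function names are assumptions made for this example; the page names the `session_auth_duration_type` option but does not list its values.

```python
from dataclasses import dataclass

# Assumed mode names for this sketch (not taken from the page).
INACTIVITY = "inactivity_timeout"   # rolling: measured from last access
FROM_START = "from_start"           # fixed: measured from session start


@dataclass
class Session:
    start_timestamp: float
    access_timestamp: float
    credential_expiration: float    # e.g. end time of the Kerberos ticket
    expiration: float = 0.0


def set_expiration(session, duration, duration_type):
    """Recompute the expiry; it never extends past the credential lifetime."""
    if duration_type == INACTIVITY:
        base = session.access_timestamp
    elif duration_type == FROM_START:
        base = session.start_timestamp
    else:
        raise ValueError("unknown duration type: %r" % duration_type)
    session.expiration = min(base + duration, session.credential_expiration)
    return session.expiration


def access(session, now, duration, duration_type):
    """Return True and refresh the session if it is still valid at `now`."""
    if now >= session.expiration:
        return False                # expired: caller must re-authenticate
    session.access_timestamp = now  # updated on every create/read/write
    set_expiration(session, duration, duration_type)
    return True


def simulate(duration_type, access_times, duration=1200, cred_lifetime=3600):
    """Replay constructed access times (seconds since session start)."""
    s = Session(0, 0, cred_lifetime)
    set_expiration(s, duration, duration_type)
    return [access(s, t, duration, duration_type) for t in access_times]


if __name__ == "__main__":
    every_10_min = [600, 1200, 1800, 2400, 3000, 3600, 4200]
    print(INACTIVITY, simulate(INACTIVITY, every_10_min))
    print(FROM_START, simulate(FROM_START, every_10_min))
```

With a 20 minute duration and a one hour credential, the rolling session stays valid under steady activity until the credential expires, while the fixed session ends 20 minutes after it began regardless of activity.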