author | Adrian Turjak <adriant@catalyst.net.nz> | 2018-07-11 16:33:31 +1200 |
---|---|---|
committer | Akihiro Motoki <amotoki@gmail.com> | 2018-12-23 09:33:49 +0900 |
commit | dc0ffaf2d80f77a90d6f98e6dcad08e7901f68df (patch) | |
tree | e84c6cc6c8a342467821790775697e1f9eda6716 /openstack_dashboard/settings.py | |
parent | 06ab7a5047d0c151830c1c902aea1e80272b71f9 (diff) | |
Change session timeout to an idle timeout value
Add a new config SESSION_REFRESH (default True) which
turns SESSION_TIMEOUT into an idle timeout rather than
a hard timeout.
The existing hard timeout is awful UX, and while
SESSION_TIMEOUT could be set to a higher value, it
still makes for a somewhat unpleasant experience.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Icc6942e62c4e8d2fac57988b0a2233a8073b1944
Diffstat (limited to 'openstack_dashboard/settings.py')
-rw-r--r-- | openstack_dashboard/settings.py | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py
index 2619acd85..b168ae41f 100644
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@@ -203,9 +203,17 @@ SESSION_COOKIE_HTTPONLY = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_SECURE = False
 
-# SESSION_TIMEOUT is a method to supersede the token timeout with a shorter
-# horizon session timeout (in seconds). So if your token expires in 60
-# minutes, a value of 1800 will log users out after 30 minutes
+# Control whether the SESSION_TIMEOUT period is refreshed due to activity. If
+# False, SESSION_TIMEOUT acts as a hard limit.
+SESSION_REFRESH = True
+
+# This SESSION_TIMEOUT is a method to supercede the token timeout with a
+# shorter horizon session timeout (in seconds). If SESSION_REFRESH is True (the
+# default) SESSION_TIMEOUT acts like an idle timeout rather than being a hard
+# limit, but will never exceed the token expiry. If your token expires in 60
+# minutes, a value of 1800 will log users out after 30 minutes of inactivity,
+# or 60 minutes with activity. Setting SESSION_REFRESH to False will make
+# SESSION_TIMEOUT act like a hard limit on session times.
 SESSION_TIMEOUT = 3600
 
 # When using cookie-based sessions, log error when the session cookie exceeds |
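Review bot: The new default `SESSION_REFRESH = True` changes what an already-configured `SESSION_TIMEOUT` means on upgrade: a deployment that relied on it as an absolute session lifetime now gets a sliding window bounded only by the token expiry, and nothing in the comment flags that as a behaviour change. I would add a line to the comment block above `SESSION_TIMEOUT` such as `# Upgrade note: set SESSION_REFRESH = False to keep the old hard-limit behaviour.` The comment also does not say what counts as activity; the refresh logic is outside this file, but if every authenticated request refreshes the window, background polling from an open page would presumably keep an unattended session alive until the token expires, which is worth stating or excluding. Minor: the rewritten comment spells it "supercede" where the removed line had "supersede".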