On Wed, Oct 26, 2011 at 12:11:25PM -0700, Adam Williamson wrote:
> On Wed, 2011-10-26 at 09:57 -0700, Toshio Kuratomi wrote:
> > On Tue, Oct 25, 2011 at 04:56:18PM -0700, Adam Williamson wrote:
> > > On Tue, 2011-10-25 at 16:44 -0700, Toshio Kuratomi wrote:
> > > > FAS and bodhi are single sign on (iirc, everything on
> > > > admin.fedoraproject.org).
> > >
> > > Well, Bodhi seems to do a damn good job of forgetting you're signed in.
> > > I've never tried to analyze this carefully, it's just a subjective
> > > feeling that I seem to have to log into it a hell of a lot...
> > >
> > It's supposed to be 20 minutes of inactivity (ie, make no requests to
> > fas/bodhi/pkgdb/elections in 20 minutes and your session expires).
> >
> > There's only one time that I've found this to not work when I've actually
> > measured it. That was when we had time skew on our fas servers. So when
> > a session was updated on one server, it updated the session information with
> > a timestamp far enough in the past that the next server to check the session
> > decided that it was expired.
>
> Well, 20 mins inactivity sounds about 'right', as in, it matches my
> experience. seems like a very short timeout, but maybe it's appropriate.
>
We've asked for feedback from some of our Fedora security people about best
practice here but I get the impression no one wants to commit on what best
practices are. If you can find a best practice for idle timeouts somewhere
that I can read up on, I can certainly look at making the session last
longer.

-Toshio
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
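
The time-skew failure described in the message above, as an added example that is not part of the original thread and is not FAS code: two front ends share one session record, each stamping and checking it with its own clock. The class names, server names, the 18-minute skew and the request pattern are all constructed for illustration.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 20 * 60  # seconds; the 20-minute idle timeout from the thread


@dataclass
class AppServer:
    """One web front end (hypothetical); skew is its clock error in seconds."""
    name: str
    skew: float = 0.0

    def now(self, true_time):
        return true_time + self.skew


class SharedSessionStore:
    """Constructed stand-in for a session table shared by all front ends."""

    def __init__(self):
        self.last_seen = {}

    def touch(self, sid, server, true_time):
        # The server handling the request stamps the session with ITS clock.
        self.last_seen[sid] = server.now(true_time)

    def is_valid(self, sid, server, true_time):
        # The checking server compares the stored stamp against ITS clock.
        return server.now(true_time) - self.last_seen[sid] <= IDLE_TIMEOUT


def replay(requests, servers):
    """Replay (true_time, server_name) requests for one session.

    Returns (true_time, server_name, accepted) tuples. The first request is
    the login; a rejected request does not refresh the session.
    """
    store, sid, results = SharedSessionStore(), "sess-1", []
    for i, (true_time, name) in enumerate(requests):
        ok = i == 0 or store.is_valid(sid, servers[name], true_time)
        if ok:
            store.touch(sid, servers[name], true_time)
        results.append((true_time, name, ok))
    return results


# Constructed traffic: one request every 5 minutes, alternating front ends.
REQUESTS = [(0, "app01"), (300, "app02"), (600, "app01"), (900, "app02")]
IN_SYNC = {"app01": AppServer("app01"), "app02": AppServer("app02")}
SKEWED = {"app01": AppServer("app01", skew=-18 * 60), "app02": AppServer("app02")}

if __name__ == "__main__":
    for label, servers in (("in sync", IN_SYNC), ("app01 18 min slow", SKEWED)):
        print(label, [ok for _, _, ok in replay(REQUESTS, servers)])
```

With the skewed clock the user is never idle for more than 5 minutes, yet every request that lands on app02 after app01 stamped the session is treated as expired.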