SessionTimeout

From Request Tracker Wiki
Jump to navigation Jump to search

There are several solutions to managing your Session in Request Tracker

RT 4.x

Tested only with 4.4.4, but probably also valid for older 4.x versions.

Option 1: AutoLogoff

Set `AutoLogoff` Setting in your config, i.e. to 60 Minutes:

Set($AutoLogoff, 60);

According to the RT_Config docs, setting this value automatically logs off any user after 60 minutes of inactivity (i.e. 60 minutes after your last action).

Source: https://docs.bestpractical.com/rt/4.4.4/RT_Config.html#AutoLogoff

Option 2: SetupSessionCookie

Alternative: Set $Expires next to $SessionCookie in /opt/rt/share/html/Elements/SetupSessionCookie

$SessionCookie => undef
$Expires => '+8h'

This means any session inactive for more than 8h (i.e. no action done in 8h), will expired. This alone is not enough to ensure the session won't work anymore.

You need to setup a cronjob to clean up old sessions, because the session cookies in your browser won't have an expiry date and the sessions in the database will remain there, unless cleaned up by a cronjob.

/opt/rt/sbin/rt-clean-sessions --older 1H

Add --skip-user if you allow one user to possibly have multiple sessions at the same time, i.e. in different browsers or workstations. Add --debug to debug what is going an.