Re: [Webcollab-users] WebCollab sessions and other questions
From: Andrew S. <and...@pa...> - 2003-12-11 04:29:45
On Wed, 10 Dec 2003 00:08:20 -0800 "Mark D. Anderson" <md...@di...> wrote:

> Hi - I just installed WebCollab 1.50, and had some questions.
>
> It seems that session timeout is currently hardcoded constants in
> the code, not in config.php.
> In particular:
>
> setup/security_setup.php has a 10-minute inactivity timeout.
> users/user_online.php has a hard-coded 1 hour for a user being
> "online". includes/security.php has a hard-coded 1 hour for inactivity
> timeout.
>

Yes, I've had a few comments about that previously. I should move the /includes/security.php timeouts into config.php. The other two aren't so critical. /setup/includes/security.php is only used during setup, when a short timeout is good since you're playing with system setup. The other one isn't timeout, it just shows recent logins, and older logins.

> Also, I don't see anywhere to configure whether I want to get
> notified of application errors/warnings, or of which ones.
> I certainly don't want to get an email every time a user's session
> times out, and that is what it is currently doing.
> This seems to be because timeout test in security.php purges the
> session, so that the next time through the code, instead the
> user gets the "no_session" error, a copy of which is then
> sent to my email box.
>

Remove your email address from the config file section on error messages :)

The timeout test needs a bit of revamping (see above), and probably should fall through to a login screen, rather than an error message.

> Lastly, I should mention that you do now have a user reliant on smtp
> auth:).
> I can understand why, if installed in an intranet setting,
> smtp auth is not often useful.
> But I'm installing in an outside hosted web server, and I
> want to be able to use a particular smtp server from the
> outside, and that requires smtp auth.
> Thankfully, it is working for me.
>

You've read the comments about SMTP_AUTH :)

Basically, I have no way of testing SMTP AUTH (or, no desire to set up a dummy SMTP_AUTH test server); the code was broken for a long time; I got no bug reports...

When I looked at the RFCs, I saw a _number_ of differing forms of SMTP AUTH, some of them heavily encrypted and complex. Is it worthwhile coding for complicated protocols that no one seems interested in?

I'll leave the existing 'plain text' SMTP AUTH in the code (obviously I know it works now :) ). Hopefully that will work for most...

Regards
Andrew Simpson
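
The timeout behaviour discussed in this message, as an added example that is not WebCollab's code and not part of the original e-mail: an inactivity check that reads its limit from a config constant and reports an expired session as its own state, so it leads to the login screen instead of the error-mail path. All constant, function and field names are hypothetical, and the session records are constructed sample data.

```php
<?php
// Added illustration; not WebCollab code. All names here are hypothetical.

// Would live in config.php so the admin can tune it without editing code.
const SESSION_IDLE_TIMEOUT = 3600;   // seconds of inactivity allowed

const SESSION_OK      = 'ok';
const SESSION_EXPIRED = 'expired';   // routine event: login screen, no admin mail
const SESSION_MISSING = 'missing';   // no record at all: also just needs a login

/**
 * Classify a session record BEFORE purging it, so an idle timeout is
 * reported as "expired" instead of surfacing on the next request as a
 * missing-session error.
 * $record is the stored row or null, e.g. ['user_id' => 7, 'last_access' => 1071100000].
 */
function check_session(?array $record, int $now, int $timeout = SESSION_IDLE_TIMEOUT): string
{
    if ($record === null || !isset($record['last_access'])) {
        return SESSION_MISSING;
    }
    if ($now - (int) $record['last_access'] > $timeout) {
        return SESSION_EXPIRED;
    }
    return SESSION_OK;
}

/** Map a session state to what the page does next. */
function next_action(string $state): string
{
    switch ($state) {
        case SESSION_OK:      return 'continue';
        case SESSION_EXPIRED: return 'login_screen';  // purge the row here, then redirect
        case SESSION_MISSING: return 'login_screen';
        default:              return 'error_report';  // only unexpected states mail the admin
    }
}

// Constructed sample data: a fresh session, one idle for two hours, one absent.
$now = 1071116985;
$samples = [
    'fresh'  => ['user_id' => 1, 'last_access' => $now - 120],
    'idle'   => ['user_id' => 2, 'last_access' => $now - 7200],
    'absent' => null,
];
foreach ($samples as $label => $record) {
    $state = check_session($record, $now);
    printf("%-6s -> %-7s -> %s\n", $label, $state, next_action($state));
}
```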