just comment âif ( !$cookies{$cookiename} ) {â and closing â}â, then
clean mason cache and it should work.On 10/25/07, Thierry Thelliez thierry.thelliez.tech@gmail.com wrote:
Hi all,
I would like to install a user session timeout but could not figure
out how to do it.
If you sign up for a new RT support contract before December 31, weâll take
up to 20 percent off the price. This sale wonât last long, so get in touch today.
Email us at sales@bestpractical.com or call us at +1 617 812 0745.
Although this is a super old posting, I add this because I was looking for an answer here too. Unfortunately this setting is still not easily configurable in the global config and in general quite confusing.
In RT 4.4.4 you have to edit (untested for this file: or copy it as a local override to /opt/rt/local/html/Elements/SetupSessionCookie):
/opt/rt/share/html/Elements/SetupSessionCookie
And add this below $SessionCookie => undef
$Expires => â+8hâ
This will set your session timeout to 8h. But be aware, RT doesnât reflect that in the browser cookies expiry time, these are good as long as the browser is open. You have to run a regular cron job, to actually clean up expired sessions:
/opt/rt/sbin/rt-clean-sessions --older 1H
This command will clean up all sessions that havenât been used in more than 1h past the expiry date (8h as set above). It wonât affect sessions that are actively used.
This concept is a little weird, as rt-clean-sessions without the --older options doesnât do anything, and as far as I can tell from tests, the lowest older time you can use, is 1 hour (1H).
I checked the code and seems like this might do the job a little easier.
The rt-clean-sessions cronjob is still needed or is cleanup done on every user action?
Too bad googling for Session timeout doesnât bringt it up. May be putting a link in the wiki on related pages will help?
Iâll test it and create a wiki page, so itâs easier to find searching for terms like âsession timeoutâ.
PS: Thanks knation, that was a quick reply. Sometimes posting in old threads obviously helps to clear things up. Thatâs a positive new experience for me.
The rt-clean-sessions cronjob is still needed or is cleanup done on every user action?
I looked at the code very quick and it looks like the old session will still be stored in the database but the user will still be required to create a new session by loggin in again