just comment “if ( !$cookies{$cookiename} ) {” and closing “}”, then
clean mason cache and it should work.On 10/25/07, Thierry Thelliez thierry.thelliez.tech@gmail.com wrote:
Hi all,
I would like to install a user session timeout but could not figure
out how to do it.
If you sign up for a new RT support contract before December 31, we’ll take
up to 20 percent off the price. This sale won’t last long, so get in touch today.
Email us at sales@bestpractical.com or call us at +1 617 812 0745.
Although this is a super old posting, I add this because I was looking for an answer here too. Unfortunately this setting is still not easily configurable in the global config and in general quite confusing.
In RT 4.4.4 you have to edit (untested for this file: or copy it as a local override to /opt/rt/local/html/Elements/SetupSessionCookie):
/opt/rt/share/html/Elements/SetupSessionCookie
And add this below $SessionCookie => undef
$Expires => ‘+8h’
This will set your session timeout to 8h. But be aware, RT doesn’t reflect that in the browser cookies expiry time, these are good as long as the browser is open. You have to run a regular cron job, to actually clean up expired sessions:
/opt/rt/sbin/rt-clean-sessions --older 1H
This command will clean up all sessions that haven’t been used in more than 1h past the expiry date (8h as set above). It won’t affect sessions that are actively used.
This concept is a little weird, as rt-clean-sessions without the --older options doesn’t do anything, and as far as I can tell from tests, the lowest older time you can use, is 1 hour (1H).
I checked the code and seems like this might do the job a little easier.
The rt-clean-sessions cronjob is still needed or is cleanup done on every user action?
Too bad googling for Session timeout doesn’t bringt it up. May be putting a link in the wiki on related pages will help?
I’ll test it and create a wiki page, so it’s easier to find searching for terms like “session timeout”.
PS: Thanks knation, that was a quick reply. Sometimes posting in old threads obviously helps to clear things up. That’s a positive new experience for me.
The rt-clean-sessions cronjob is still needed or is cleanup done on every user action?
I looked at the code very quick and it looks like the old session will still be stored in the database but the user will still be required to create a new session by loggin in again