6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
9/24/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#12136] Session Timeout not enforced
*
Your Email Address
*
Spam protection
Enter the letters below:
.__ .__ . . . __ [__)[ __| | |/ ` [__)[_./|___|__|\__.
Comment
> Currently horde relies only on session.gc_maxlifetime to enforce session > timeouts. > > Especially on systems where gc_probability needs to be low for > performance reasons or on low traffic servers this is a serious > problem, since sessions might be significantly longer valid, than it was > intended by the admin by setting conf['session']['timeout']. > > Therefore we should always check the last modification of the > session and deny authentication if the session should have timeouted. > > still working on a patch...
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers