[Koha] Login Timeout

Chris Cormack chris at bigballofwax.co.nz
Sun Oct 13 13:21:05 NZDT 2013


On 13 October 2013 13:16, Mark Tompsett <mtompset at hotmail.com> wrote:
> Greetings,
>
>
> On 12-10-13 16:23, Jack Morash wrote:
>>>
>>> Managed to get my login time out set to 1 sec.
>>> Is the Admin preferences saved in the database or a file.
>
>
>> Might be worth filing a bug, we should perhaps ensure that that
>> can't be set to something unreasonable, e.g. < 60 seconds.
>
>
> +1 to that idea. A little bit of lag, and *BOOM* a 1 second timeout fails to
> log a user in. That is unacceptable to the average user, because they'll
> keep trying and trying and trying only become more and more frustrated with
> the system.
>
> As for what a reasonable time out is, I think 60 seconds is a good overall
> number, but perhaps something as low as 30 seconds might be okay. Anything
> lower is tempting fate. I'll admit to a 20 second timeout, but since I have
> a multi-key solution (20 seconds per key) in my specialized login code, that
> gives me 40 seconds overall.
>
>
Hi Mark

You've misunderstood, this is the inactivity timeout, there is no
timeout for completing a login request.
What has happened is the person has the set the inactivity timeout for
1second, which doesn't give them enough time to get to
systempreferences and change it back. It times them out 1 second after
they login.

However Robin is right, not allowing the inactivity timeout to be set
for less than a minute is probably a good idea.

Chris


More information about the Koha mailing list