Admin UI logout or session timeout setting

[dptom]

I've had a bit of an issue with the admin sessions surviving browser closure. Where is the timeout setting for the grr server or can we put a logout on to the page? I've noticed that the admin session remains in place when the network connection is broken (because of this crappy wireless network in EWR - and my VPN). Thoughts. I'll check the developer documentation and see if this is something I can easily add.

[scudette]

There is no such thing as an "admin session" - the web app simply uses
basic auth to authenticate to the server. The UI does not use cookies or a
session per-se. The lifetime of the basic auth depends on the browser.

http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome

On 21 April 2015 at 00:44, dptom notifications@github.com wrote:

I've had a bit of an issue with the admin sessions surviving browser
closure. Where is the timeout setting for the grr server or can we put a
logout on to the page? I've noticed that the admin session remains in place
when the network connection is broken (because of this crappy wireless
network in EWR - and my VPN). Thoughts. I'll check the developer
documentation and see if this is something I can easily add.

—
Reply to this email directly or view it on GitHub
#162.

[dptom]

Okay. I'm just thinking it would be nice to have a logout link or control on every screen so that when we're using a browser like Firefox or Safari ( I know these may be evil words for Google, but some companies don't let us use that browser ) we can kill the login session. I may be over-simplifying, but I'm thinking of adding a logout link next to the API in the footer and firing a js to tell Django to logout. Not certain if it will work, but thought I'd give it a try.

—
Tom Arnold, CISSP, ISSMP, CFS, PCI/PA QSA, Visa SA, PCI PFI, GCFE
Principal, Head of Digital Forensics

Payment Software Company (PSC)
591 W. Hamilton Ave. | Suite 200 | Campbell | CA 95008 | USA

email tom@paysw.com | web www.paysw.com
tel. +1.408.228.0961 x 102 | mobile +1.408.406.1758 | fax +1.408.340.5433

This e-mail message is for the sole use of the intended recipient and may contain confidential and privileged information of Payment Software Company, Inc. (PSC). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

On Apr 20, 2015, at 6:56 PM, Michael Cohen notifications@github.com wrote:

There is no such thing as an "admin session" - the web app simply uses
basic auth to authenticate to the server. The UI does not use cookies or a
session per-se. The lifetime of the basic auth depends on the browser.

http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome

On 21 April 2015 at 00:44, dptom notifications@github.com wrote:

I've had a bit of an issue with the admin sessions surviving browser
closure. Where is the timeout setting for the grr server or can we put a
logout on to the page? I've noticed that the admin session remains in place
when the network connection is broken (because of this crappy wireless
network in EWR - and my VPN). Thoughts. I'll check the developer
documentation and see if this is something I can easily add.

—
Reply to this email directly or view it on GitHub
#162.

—
Reply to this email directly or view it on GitHub.

[pidydx]

From an older issue. #24

[dptom]

Thanks.... This answered my question. Thank you. I searched through the issues, but didn't come up with this. Please close out my issue as I'll look at my own authentication implementation as suggested.

Best,

—
Tom Arnold, CISSP, ISSMP, CFS, PCI/PA QSA, Visa SA, PCI PFI, GCFE
Principal, Head of Digital Forensics

Payment Software Company (PSC)
591 W. Hamilton Ave. | Suite 200 | Campbell | CA 95008 | USA

email tom@paysw.com | web www.paysw.com
tel. +1.408.228.0961 x 102 | mobile +1.408.406.1758 | fax +1.408.340.5433

This e-mail message is for the sole use of the intended recipient and may contain confidential and privileged information of Payment Software Company, Inc. (PSC). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

On Apr 20, 2015, at 9:33 PM, Sean Gillespie notifications@github.com wrote:

From an older issue. #24

—
Reply to this email directly or view it on GitHub.

[pidydx]

No problem! I just remembered it from before and I had to dig for it a bit myself. For your own auth you will implement a class in gui/webauth.py b/gui/webauth.py and then just configure GRR to use that class instead of the default. I can't close the issue, but I think you should have a close button or maybe one of the others can get it.

[dptom]

Excellent. Thanks

Tom Arnold
Principal
PSC

Prepared on iPhone, so please excuse any typos.... Autocorrect sometimes becomes over zealous

On Apr 20, 2015, at 22:13, Sean Gillespie notifications@github.com wrote:

No problem. I just remembered it from before and I had to dig for it a bit myself. For your own auth you will implement a class in gui/webauth.py b/gui/webauth.py and then just configure GRR to use that class instead of the default.

—
Reply to this email directly or view it on GitHub.