keeping session alive with "live monitor"

mikedoc

Post by mikedoc » Fri Nov 07, 2008 3:06 pm

[Intro: mikedoc is not a doctor; he shepherds a data recording system]

Like a lot of other systems, FreeNATS will time out and request a new login if I've not done anything for a while. It appears, however, that LiveMonitor refreshing is counted as activity, and if I leave a LiveMonitor up, the baddies can come up to my keyboard and make changes which will then be blamed on me. Of course, I can prevent access by putting a password on the screensaver, so it shouldn't be considered a bug.

Question: was this a deliberate design choice, or did it just fall out from normal session handling?

dave
Site Admin

Re: keeping session alive with "live monitor"

Post by dave » Fri Nov 07, 2008 8:22 pm

Hi Mikedoc,

Well perhaps a deliberate fall out from normal session handling :D

From the docs: By refreshing every 60 seconds the monitor page does not expire its session which is useful for monitor displays but you must be careful from a security viewpoint.

Let me know if it's a problem for you and I can always stop it refreshing the session but any drill-down etc wouldn't work.

or... create a read-only user that can do no bad stuff and use that for monitoring, elevating yourself to the giddy heights of admin user only when required.

Cheers,

Dave.

mikedoc

Re: keeping session alive with "live monitor"

Post by mikedoc » Tue Nov 11, 2008 10:54 pm

Hi Dave,

"Well perhaps a deliberate fall out from normal session handling"

Thanks for the reply. I was wondering if you have seen any "abnormal", more paranoid session handling which would allow refreshing without examining (to allow refresh to continue "forever") or updating the session expiry (to force any other activity to be re-authenticated).

Regards,
-- Mike

dave
Site Admin

Re: keeping session alive with "live monitor"

Post by dave » Wed Nov 12, 2008 6:48 pm

Hi,

Done - 1.02.1a now uploaded as the dev version.

You need to set the system variable site.monitor.keepalive to 0 (it will default to 1 if unset). This just means the monitor session check doesn't rely on (or refresh) the expiry time.

Sadly most stuff doesn't support the ability to redirect back once authenticated but I have added it to the node view. Gradually more pages such as groups will get this.

Hope that is ok for you.

Cheers,

Dave.
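
A minimal model of the two behaviours discussed in this thread, added here as an illustration and not part of any post above. It is not FreeNATS code: the class and function names, the session id and the 30-minute idle timeout are assumptions; only the setting name `site.monitor.keepalive` and the 60-second refresh come from the thread.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 30 * 60  # seconds; assumed value, not taken from FreeNATS


@dataclass
class Session:
    user: str
    last_activity: float


class SessionGate:
    """Toy idle-timeout gate modelling site.monitor.keepalive (hypothetical class)."""

    def __init__(self, monitor_keepalive=1, idle_timeout=IDLE_TIMEOUT):
        self.monitor_keepalive = monitor_keepalive  # 1 is the default described in the thread
        self.idle_timeout = idle_timeout
        self.sessions = {}

    def login(self, sid, user, now):
        self.sessions[sid] = Session(user, now)

    def authorize(self, sid, now, is_monitor_refresh=False):
        """Return True if the request is served, False if a fresh login is required."""
        session = self.sessions.get(sid)
        if session is None:
            return False
        if is_monitor_refresh and not self.monitor_keepalive:
            # keepalive=0: the monitor neither examines nor updates the expiry
            return True
        if now - session.last_activity > self.idle_timeout:
            return False  # idle too long: re-authenticate before anything else
        session.last_activity = now  # ordinary activity slides the expiry forward
        return True


def simulate(monitor_keepalive, minutes=120):
    """Monitor refreshes every 60 s for `minutes`, then someone attempts a change."""
    gate = SessionGate(monitor_keepalive)
    gate.login("sid-1", "admin", now=0)  # constructed session id and user
    monitor_ok = all(
        gate.authorize("sid-1", t, is_monitor_refresh=True)
        for t in range(60, minutes * 60 + 1, 60)
    )
    action_ok = gate.authorize("sid-1", minutes * 60 + 5)
    return monitor_ok, action_ok
```

With keepalive set to 0 the monitor page itself stays visible for as long as it keeps refreshing, so the screensaver password and the read-only monitoring user suggested earlier in the thread still matter.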
