[Intro: mikedoc is not a doctor; he shepherds a data recording system]
Like a lot of other systems, FreeNATS will time out and request a new login if I've not done anything for a while. It appears, however, that LiveMonitor refreshing is counted as activity, and if I leave a LiveMonitor up, the baddies can come up to my keyboard and make changes which will then be blamed on me. Of course, I can prevent access by putting a password on the screensaver, so it shouldn't be considered a bug.
Question: was this a deliberate design choice, or did it just fall out from normal session handling?
keeping session alive with "live monitor"
Re: keeping session alive with "live monitor"
Hi Mikedoc,
Well perhaps a deliberate fall out from normal session handling
From the docs: By refreshing every 60 seconds the monitor page does not expire its session which is useful for monitor displays but you must be careful from a security viewpoint.
Let me know if it's a problem for you and I can always stop it refreshing the session but any drill-down etc wouldn't work.
or... create a read-only user that can do no bad stuff and use that for monitoring elevating yourself to the giddy heights of admin user only when required.
Cheers,
Dave.
Well perhaps a deliberate fall out from normal session handling
From the docs: By refreshing every 60 seconds the monitor page does not expire its session which is useful for monitor displays but you must be careful from a security viewpoint.
Let me know if it's a problem for you and I can always stop it refreshing the session but any drill-down etc wouldn't work.
or... create a read-only user that can do no bad stuff and use that for monitoring elevating yourself to the giddy heights of admin user only when required.
Cheers,
Dave.
Re: keeping session alive with "live monitor"
Hi Dave,
"Well perhaps a deliberate fall out from normal session handling"
Thanks for the reply. I was wondering if you have seen any "abnormal", more paranoid session handling which would allow refreshing without examining (to allow refresh to continue "forever") or updating the session expiry (to force any other activity to be re-authenticated).
Regards,
-- Mike
"Well perhaps a deliberate fall out from normal session handling"
Thanks for the reply. I was wondering if you have seen any "abnormal", more paranoid session handling which would allow refreshing without examining (to allow refresh to continue "forever") or updating the session expiry (to force any other activity to be re-authenticated).
Regards,
-- Mike
Re: keeping session alive with "live monitor"
Hi,
Done - 1.02.1a now uploaded as the dev version.
You need to set the system variable site.monitor.keepalive to 0 (it will default to 1 if unset). This just means the monitor session check doesn't rely (or refresh) the expiry time.
Sadly most stuff doesn't support the ability to redirect back once authenticated but I have added it to the node view. Gradually more pages such as groups will get this.
Hope that is ok for you.
Cheers,
Dave.
Done - 1.02.1a now uploaded as the dev version.
You need to set the system variable site.monitor.keepalive to 0 (it will default to 1 if unset). This just means the monitor session check doesn't rely (or refresh) the expiry time.
Sadly most stuff doesn't support the ability to redirect back once authenticated but I have added it to the node view. Gradually more pages such as groups will get this.
Hope that is ok for you.
Cheers,
Dave.