[Trac] Headline news: Cookie expiration causes boss to panic
Sarah George
Sarah.George at infotech.monash.edu.au
Tue Feb 8 18:41:33 EST 2005
Emmanuel Blot wrote:
> BTW, is there an easy way to disable session tracking ?
>
> I'm not sure whether session tracking brings a lot of feature, however
> it brings a lot of troubles. I do not think I can use Trac without
> getting this error message at least once a day. As authentication is
> done through HTTP header, I believe we can 'live' (i.e. use Trac)
> without sessions. Am I wrong ?
I've seen cvstrac hacked too many times to think easing up on security
checks is a good idea. It costs one extra mouse click a day to re-login.
Also, cookies have (as I understand it) an expiration timeout thingie.
Why not take a look at where that's set and change it for your
installation to be a longer timeout?
-- Sarah
More information about the Trac
mailing list