Re: Session timeout

On 18/10/2019 09.09, Arni Kromić wrote:
> On 17/10/2019 15.24, Arni Kromić wrote:
>> On 17/10/2019 11.05, Khushboo Vashi wrote:
>>> Hi Arni,
>>>
>>> On Thu, Oct 17, 2019 at 1:41 PM Arni Kromić <arni(dot)kromic(at)bios-ict(dot)hr
>>> <mailto:arni(dot)kromic(at)bios-ict(dot)hr>> wrote:
>>>
>>> A question asked on the list reminded me of something... I've always
>>> wondered if it's possible to prolong or prevent pgAdmin4 session
>>> timeouts. This way if I leave the computer for a long time
>>> (especially
>>> if it gets suspended), I have to refresh page, and login again. That
>>> also means that any query/data tabs are lost.
>>>
>>> Can i prevent the session from expiring so I can stay logged in?
>>> I don't
>>> need this at all for security because both the database and the
>>> pgAdmin
>>> service are on my development computer which only I use.
>>>
>>> No, you can't prevent the session expiration completely but, you can
>>> increase the timeout limits.
>>> Check the below configurations in config.py file.
>>>
>>> MAX_SESSION_IDLE_TIME
>>> SESSION_EXPIRATION_TIME
>>> CHECK_SESSION_FILES_INTERVAL
>>>
>>> You will get information regarding the parameters in the file
>>> itself, and can override above settings as per your requirement.
>>>
>>> Thanks,
>>> Khushboo
>>>
>>
>> Thank you very much, I believe this is exactly what I need. I've
>> tuned those parameters on my development machine to work more
>> comfortably, I hope it will do the trick.
>>
>> --
>> Kind Regards,
>> Arni Kromić
> Unfortunately this didn't solve the problem. I've prolonged the first
> parameter from 1 hour to 24 and the other two from one day to three;
> but when I put the computer to sleep yesterday afternoon and woke it
> up this morning, it required relogin. Again I couldn't stop the work
> and continue.
>
> I don't know if anything else is needed to apply the settings, I just
> restarted Apache and re-login to pgAdmin. I've also observed that the
> same session does continue normally if I leave the computer for a few
> hours and it also survives when I put the computer to sleep and wake
> it up after a short while. Why does it not listen to my changed
> configuration?
>
> The file I edited is /usr/share/pgadmin4/web/config.py, which I
> suppose is the right one for my computer. The software was installed
> on Ubuntu from upstream (your) apt repository.
> --
> Kind Regards,
> Arni Kromić

Ok so is there anything else I should try to prevent the session to
expire by the next day? Or is it possibly a bug to report if pgAdmin
doesn't really care about those settings?

But, I'd say there is definitely one bug present, an unwanted behavior.
When the login session becomes invalit, the interface stays the same,
but it just spits all kinds of errors when you try to do anything
("Would you like to reconnect to the database?" then various invalid
this and that errors.) The correct behavior would be to automatically
redirect to the login page if the login session expires. Should this be
reported?

--
Kind Regards,
Arni Kromić