Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it.  We invite you to submit your ideas using the form below.  Please be sure to include the problem for which you are solving and the benefits of implementing the idea.  Thanks for collaborating with us!

A2 configurable webUI session timer

Several customers have asked that the Automate2 WebUI 3 minute session timer be user-configurable.

I looked at the output of `chef-automate dev default-config` in Chef Automate 20190501153509 and found no instances of "time" or "session" that were applicable to this case, so the timer value appears to be hardcoded currently.

  • Sean Horn
  • May 10 2019
  • Likely to implement
  • Attach files
  • Richard Nixon commented
    11 Feb 14:59

    Not sure if this relates to the session expiry timer as I've never been logged out after 3 mins.

     

    The docs at https://automate.chef.io/docs/ldap/#authentication-via-existing-identity-management-systems say that SAML users get 24h, and there is no specified time for LDAP/AD and Local users.

     

    Looking at session cookies, it seems they expire in 24h, but get refreshed on any pages that auto update. Not sure how this is reflected in the A2 session table.

     

    Practical tests show I can stay logged in to A2 for more than 24h without interacting with the page.