Closed dptom closed 9 years ago
There is no such thing as an "admin session" - the web app simply uses basic auth to authenticate to the server. The UI does not use cookies or a session per se. The lifetime of the basic auth depends on the browser.
http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome
On 21 April 2015 at 00:44, dptom notifications@github.com wrote:
I've had a bit of an issue with the admin sessions surviving browser closure. Where is the timeout setting for the grr server or can we put a logout on to the page? I've noticed that the admin session remains in place when the network connection is broken (because of this crappy wireless network in EWR - and my VPN). Thoughts. I'll check the developer documentation and see if this is something I can easily add.
— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/162.
Okay. I'm just thinking it would be nice to have a logout link or control on every screen so that when we're using a browser like Firefox or Safari (I know these may be evil words for Google, but some companies don't let us use that browser) we can kill the login session. I may be over-simplifying, but I'm thinking of adding a logout link next to the API in the footer and firing a js to tell Django to logout. Not certain if it will work, but thought I'd give it a try.
— Tom Arnold, CISSP, ISSMP, CFS, PCI/PA QSA, Visa SA, PCI PFI, GCFE Principal, Head of Digital Forensics
Payment Software Company (PSC) 591 W. Hamilton Ave. | Suite 200 | Campbell | CA 95008 | USA
email tom@paysw.com | web www.paysw.com tel. +1.408.228.0961 x 102 | mobile +1.408.406.1758 | fax +1.408.340.5433
This e-mail message is for the sole use of the intended recipient and may contain confidential and privileged information of Payment Software Company, Inc. (PSC). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
On Apr 20, 2015, at 6:56 PM, Michael Cohen notifications@github.com wrote:
There is no such thing as an "admin session" - the web app simply uses basic auth to authenticate to the server. The UI does not use cookies or a session per se. The lifetime of the basic auth depends on the browser.
http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome
From an older issue. https://github.com/google/grr/issues/24
Thanks.... This answered my question. Thank you. I searched through the issues, but didn't come up with this. Please close out my issue as I'll look at my own authentication implementation as suggested.
Best,
— Tom Arnold, CISSP, ISSMP, CFS, PCI/PA QSA, Visa SA, PCI PFI, GCFE Principal, Head of Digital Forensics
On Apr 20, 2015, at 9:33 PM, Sean Gillespie notifications@github.com wrote:
From an older issue. #24
No problem! I just remembered it from before and I had to dig for it a bit myself. For your own auth you will implement a class in gui/webauth.py b/gui/webauth.py and then just configure GRR to use that class instead of the default. I can't close the issue, but I think you should have a close button or maybe one of the others can get it.
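Added example, not part of the original thread and not GRR's code: the server-side state a custom auth class would need to provide the timeout and logout asked about above, which basic auth alone cannot give because the browser keeps resending the credentials. The names `SessionAuth`, `login`, `authenticate` and `logout`, the timeout values and the demo user are hypothetical and do not reflect the interface in gui/webauth.py.

```python
import hmac
import secrets
import time


class SessionAuth:
    """Hypothetical session-based auth manager (not GRR's webauth API)."""

    def __init__(self, users, idle_timeout=900, max_lifetime=8 * 3600,
                 clock=time.time):
        self.users = users                # username -> password (constructed demo
                                          # data; store password hashes in practice)
        self.idle_timeout = idle_timeout  # seconds without a request before expiry
        self.max_lifetime = max_lifetime  # hard cap, however active the user is
        self.clock = clock                # injectable so expiry can be tested
        self.sessions = {}                # token -> [user, created, last_seen]

    def login(self, user, password):
        """Check credentials once; return a random session token or None."""
        expected = self.users.get(user, "")
        ok = hmac.compare_digest(password.encode(), expected.encode())
        if not ok or user not in self.users:
            return None
        token = secrets.token_urlsafe(32)  # unguessable, carries no credentials
        now = self.clock()
        self.sessions[token] = [user, now, now]
        return token

    def authenticate(self, token):
        """Return the user for a live token; drop idle or over-age tokens."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self.clock()
        if (now - last_seen > self.idle_timeout
                or now - created > self.max_lifetime):
            del self.sessions[token]       # expiry is enforced on the server
            return None
        entry[2] = now                     # sliding idle window
        return user

    def logout(self, token):
        """Kill the token even if the browser keeps sending it."""
        return self.sessions.pop(token, None) is not None
```
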
Excellent. Thanks
Tom Arnold Principal PSC
On Apr 20, 2015, at 22:13, Sean Gillespie notifications@github.com wrote:
No problem. I just remembered it from before and I had to dig for it a bit myself. For your own auth you will implement a class in gui/webauth.py b/gui/webauth.py and then just configure GRR to use that class instead of the default.