#2070: Problems with the Session Timeout setting in WebUI
-----------------------+----------------------------------------------------
Reporter: mondalaci | Owner: damoxc
Type: bug | Status: new
Priority: minor | Milestone: Future
Component: webui | Version: 1.3.1
Keywords: |
-----------------------+----------------------------------------------------
I've been facing a number of problems regarding the Session Timeout
setting of WebUI. Some of these problems render WebUI completely useless,
forcing the user to hand-edit web.conf. Other issues involve usability
problems.
= Incorrect minimum value =
The lowest specifiable timeout value is 0 seconds, making the user unable
to carry out any actions after logging in. Anything below 1 minute
shouldn't be allowed for practical reasons.
According to the tests that I've done there's a threshold timeout value of
about 90 seconds. If the timeout is set to anything less than or equal to
this value then the login window will pop up directly after the login, not
even waiting for this short timespan to time out. I've tried force-
reloading the login page in order for the cookies to vanish but this
always happened. The threshold value wasn't exact but 90 seconds should
be in the ballpark.
= Incorrect maximum value =
The maximum value that can be specified is 9999999999999 which makes the
auth.login method respond with the following JSON:
{{{
{"id": 4, "result": null, "error": {"message": "date value out of range",
"code": 3}}
}}}
and !OverflowError gets thrown in the console:
{{{
[ERROR ] 17:46:15 json_api:227 Error calling method `auth.check_session`
[ERROR ] 17:46:15 json_api:228 date value out of range
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/ui/web/json_api.py", line 219, in _handle_request
    result = self._exec_local(method, params, request)
  File "/usr/lib/python2.7/dist-packages/deluge/ui/web/json_api.py", line 185, in _exec_local
    component.get("Auth").check_request(request, meth)
  File "/usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py", line 231, in check_request
    expires, expires_str = make_expires(config["session_timeout"])
  File "/usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py", line 88, in make_expires
    expires = time.mktime((datetime.now() + dt).timetuple())
OverflowError: date value out of range
}}}
This makes login impossible.
Currently 13 digits of seconds can be specified. If you limited the
length to 11 digits you'd be safe because 99999999999 seconds wouldn't
throw the above exception. 9 digits would probably be an even better
choice considering that 999999999 seconds is ~32 years which should be
well enough for everybody.
A related disturbing issue is the maximum limit of 99999 seconds that is
forced by the spinbutton control (which can be overridden by simply typing
the desired value). This limit doesn't make any sense at all but it's
disturbing because values larger than this limit get underlined with a red
zigzag line. I think this spinbutton feature shouldn't be used at all in
this case.
= Impractical unit of measure =
Given that specifying anything under 1 minute doesn't make any practical
sense and given that users hardly want to specify the timeout value by
seconds it'd make a lot of sense to use a larger unit of measure instead
of seconds like minutes.
The most graceful solution would be to provide various units of measure,
such as minute, hour, day, month and year but I understand if you don't
wanna implement all this as it feels a bit overkill for such a simple
feature.
Whether or not you make the unit of measure choosable, the actual unit
really should be displayed; otherwise one cannot know for sure what unit you
assume.
= No "Remember forever" option =
Rather than expecting the user to specify a large-enough number that makes
this feature happen, WebUI could provide an exact way to do that.
Ideally a "Remember Forever" checkbox could be featured next to the
timeout field. Upon checking it the spinbutton could get inactivated.
Alternatively, you could expect the user to type the 0 value manually for
this feature but in this case please make this crystal clear in the UI.
Whatever way you choose to implement this, on the config file level the 0
value could be great for this purpose.
--
Ticket URL: <http://dev.deluge-torrent.org/ticket/2070>
Deluge <http://deluge-torrent.org/>
Deluge project
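
An added illustration, not part of the ticket and not Deluge's code: a bounds check applied to `session_timeout` before the expiry is computed, using the 60-second floor and 9-digit ceiling proposed above. It is written for Python 3; all function and constant names are hypothetical, and only `make_expires_unchecked` mirrors the arithmetic shown on the `auth.py` line in the traceback.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime
import time

# Bounds taken from the ticket's proposal; the names are hypothetical.
MIN_TIMEOUT = 60           # "anything below 1 minute shouldn't be allowed"
MAX_TIMEOUT = 999_999_999  # 9 digits of seconds, about 32 years


def make_expires_unchecked(timeout):
    """Same arithmetic as the auth.py line in the traceback, no bounds check."""
    dt = timedelta(seconds=timeout)
    return time.mktime((datetime.now() + dt).timetuple())


def validate_timeout(value):
    """Return value if it is an int in [MIN_TIMEOUT, MAX_TIMEOUT], else raise."""
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("session_timeout must be an integer number of seconds")
    if not MIN_TIMEOUT <= value <= MAX_TIMEOUT:
        raise ValueError(
            "session_timeout must be between %d and %d seconds"
            % (MIN_TIMEOUT, MAX_TIMEOUT)
        )
    return value


def make_expires_checked(timeout, now=None):
    """Return (epoch_seconds, cookie_date) for a validated timeout."""
    timeout = validate_timeout(timeout)
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(seconds=timeout)  # at most ~32 years ahead
    return expires.timestamp(), format_datetime(expires, usegmt=True)


if __name__ == "__main__":
    try:
        make_expires_unchecked(9999999999999)  # the value from the ticket
    except OverflowError as exc:
        print("unchecked:", exc)
    for candidate in (0, 90, 3600, 9999999999999):
        try:
            print(candidate, "->", make_expires_checked(candidate)[1])
        except ValueError as exc:
            print(candidate, "rejected:", exc)
```

Running the same check when the configuration file is loaded, and not only in the settings form, means a hand-edited out-of-range value is rejected before it can block login.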