From: Ivan Kohler Date: Tue, 18 Jul 2023 23:28:58 +0000 (-0700) Subject: default to a session cookie instead of setting an explicit timeout, weird timezone... X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain default to a session cookie instead of setting an explicit timeout, weird timezone/clock skew effects on server can cause firefox and other browsers to reject the session cookie, leading to silent login failures --- diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm index 383fb0e88..57a886770 100644 --- a/FS/FS/Conf.pm +++ b/FS/FS/Conf.pm @@ -2452,8 +2452,8 @@ and customer address. Include units.', { 'key' => 'selfservice-timeout', - 'section' => 'self-service', - 'description' => 'Timeout for the self-service login cookie, in seconds. Defaults to 1 hour.', + 'section' => 'deprecated', + 'description' => 'Deprecated. Was the timeout for the self-service login cookie, in seconds. Defaulted to 1 hour.', 'type' => 'text', }, diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index 6eab11dae..b1fea7da2 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -1250,10 +1250,8 @@ sub do_template { $fill_in->{$_} = $access_info->{$_} foreach keys %$access_info; # update the user's authentication - my $timeout = $access_info->{'timeout'} || '3600'; my $cookie = CGI::Cookie->new('-name' => 'session', '-value' => $session_id, - '-expires' => '+'.$timeout.'s', #'-secure' => 1, # would be a good idea... ); if ( $name eq 'logout' ) {