Přejít na obsah
Menu
You need to be registered to interact with the community.
This question has been flagged
2 Odpovědi
5946 Zobrazení

How can I change the cookie validity date for the Odoo session?   It is a security risk.   We have to reduce it.   Thanks

Avatar
Zrušit
Nejlepší odpověď

by default odoo. set 90 days validity for session_id and it's incremental if you ever access odoo within 90 days it will extend its validity from access day/date

you can change validity from here
https://github.com/odoo/odoo/blob/13.0/odoo/http.py#L1400 => 90 days = 90 * 24 * 60 * 60 seconds

It's not a security risk as far as your physical device secure and no one can steal your session_id from your browser 

Note: odoo don't track all the login devices so in case of a stolen physical device you can not log out from that device.

Avatar
Zrušit
Autor Nejlepší odpověď

Hi Ravi,   Thanks for your answer.   

We are using the MS Active Directory (AD) password verification and our security concern is because we do not see Odoo to be querying AD every time a user logs in.

How often is the password verified against AD?   

What happens if a session is open in Odoo for many days (because the session is still valid in the cookies) and the user is blocked or deleted from AD?

Avatar
Zrušit
Related Posts Odpovědi Zobrazení Aktivita
0
bře 15
6800
0
kvě 25
1153
1
srp 19
5478
0
lis 15
5708
0
pro 21
3026