shouldn't v8 end a user session when server is stopped/restarted?

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Księgowość
Zapasy
PoS
Project
MRP

All apps

Wszystkie posty Osoby Odznaki

Tagi (Zobacz wszystko)

odoo accounting v14 pos v15

O tym forum

Pomoc

shouldn't v8 end a user session when server is stopped/restarted?

v8 v7 session bug

1 Odpowiedz

3858 Widoki

gunnar

I guess odoo should end user sessions when the server is being stop/restarted and require a new login procedure when it come up again (which is standard behavior in v7) v8 doesn't do that. Seems as sessions are 'eternal'. Is that a new feature or a bug?

EDIT: filed a bug report here https://github.com/OCA/OCB/issues/38

Ben Bernard

I don't know about version 7, but in version 6.1 the behavior is 'eternal', like you said for version 8. I think this is by design and not a bug. The root problem is the design of session cookie. If what you want is not 'eternal' session, the session should be stored in database. I think there is already a module for this.

Talking about session cookies, there should be a configuration / code to change the expired date option (or a generation of a secret number to invalidate the session), but I haven't check it yet.

gunnar

Autor

aren't eternal Sessions pretty insecure? especially due to the fact that OE targets at being used online. (Imagine you login in an internet cafe or whateer public or semi-public place [like your colleagues terminal in the office on the upper floor], forget to logout, electricity dropout ...) Your whole data is exposed to that machine. Isn't it a little strange to have such by design?

Ben Bernard

Yes, I agree with you. But, we already live with this kind of problem (not limited to Odoo only). One solution to improve your Odoo service is to use full https. The tradeoff is usually convenience for user (such as performance), but this is only my opinion.

Podoba Ci się ta dyskusja? Dołącz do niej!

Stwórz konto dzisiaj, aby cieszyć się ekskluzywnymi funkcjami i wchodzić w interakcje z naszą wspaniałą społecznością!

Zarejestruj się

Powiązane posty	Odpowiedzi	Widoki
Loading wrong configuration file? Rozwiązane v8 v7	1 kwi 15	8437
Mass Mailing is broken in v7? v8 v7	1 mar 15	3332
Does the PostgreSQL user for Odoo HAVE to be a 'superuser' (as documented)? Rozwiązane v8 v7	2 mar 15	17425
Settings to session timeout? Rozwiązane security v7 session	17 kwi 24	58196
Nginx with 2 Odoo Instances v7 and v8 Rozwiązane v8 v7 nginx	1 wrz 24	8194

To pytanie dostało ostrzeżenie

Podoba Ci się ta dyskusja? Dołącz do niej!