How can I change the cookie validity date for the Odoo session? It is a security risk. We have to reduce it. Thanks
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Kế toán
- Tồn kho
- PoS
- Project
- MRP
Câu hỏi này đã bị gắn cờ
2
Trả lời
6046
Lượt xem
by default odoo. set 90 days validity for session_id and it's incremental if you ever access odoo within 90 days it will extend its validity from access day/date
you can change validity from here
https://github.com/odoo/odoo/blob/13.0/odoo/http.py#L1400 => 90 days = 90 * 24 * 60 * 60 seconds
It's not a security risk as far as your physical device secure and no one can steal your session_id from your browser
Note: odoo don't track all the login devices so in case of a stolen physical device you can not log out from that device.
Hi Ravi, Thanks for your answer.
We are using the MS Active Directory (AD) password verification and our security concern is because we do not see Odoo to be querying AD every time a user logs in.
How often is the password verified against AD?
What happens if a session is open in Odoo for many days (because the session is still valid in the cookies) and the user is blocked or deleted from AD?
Bạn có hứng thú với cuộc thảo luận không? Đừng chỉ đọc, hãy tham gia nhé!
Tạo tài khoản ngay hôm nay để tận hưởng các tính năng độc đáo và tham gia cộng đồng tuyệt vời của chúng tôi!
Đăng ký| Bài viết liên quan | Trả lời | Lượt xem | Hoạt động | |
|---|---|---|---|---|
|
0
thg 3 15
|
6844 | ||
|
1
thg 8 25
|
1342 | ||
|
1
thg 8 19
|
5520 | ||
|
0
thg 11 15
|
5780 | ||
|
0
thg 12 21
|
3069 |
