Session Cookies

Moderator: crythias

Post Reply
tnieman
OTRS wizard
Posts: 103
Joined: 14 Nov 2012, 21:59
OTRS Version?: 3.1.6
Real Name: Tom Nieman
Company: WorkForce Software

Session Cookies

Post by tnieman »

Is it possible to change the domain being used for cookies?

We are using a single sign on through a portal. If the window with OTRS is closed without logging out, the session persists. We would like to be able to delete the cookie from our portal.

CSL
OTRS wizard
Posts: 159
Joined: 11 Nov 2011, 19:27
OTRS Version?: 3.0.11

Re: Session Cookies

Post by CSL »

I'm pretty sure the code will just take the configured domain for otrs and use that as the domain for the session cookie. I don't know how you'd change that, probably in the session or authentication perl modules.

One way to do this might be to have a very short session idle logout time, say 15 or 20 minutes, but this could cause issues with agents timing out while writing replies or conducting searches.

Without SSO, when users don't click the log-out button and just close the window the session persists as well, so you're not losing anything compared to the normal functionality of otrs. Greater discipline for them to click 'log out' is probably the way to go, rather than trying to come up with a technical solution. It shouldn't really be a problem unless users hot-desk or share computers, in which case you probably want them authenticating without SSO from those machines, and drum into them that they need to log out properly to cover themselves against others using their account.
Backend: OTRS 3.0.11 RedHat Enterprise Linux 6.2, Apache, MySQL with replication
Frontend: OTRS 3.0.11 RedHat Enterprise Linux 6.2 with SELinux, Apache SSL

crythias
Moderator
Posts: 10110
Joined: 04 May 2010, 18:38
OTRS Version?: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Session Cookies

Post by crythias »

I agree with CSL. SSO precludes logout. That's the point of SSO.
OTRS 5.0.x (private/testing/public) on Linux with MySQL database. Also on github.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Post Reply