You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2019-07-13 11:02:23

kpcomp
Member
Registered: 2008-07-12
Posts: 57

CSRF expiration extension via local_define.php

Hello,

CSRF token expiration is very short (7200) and as we are sometimes documenting
installations etc. which takes a lot of time u lost everything on Save as token is expired.

Attempt to redefine with local_define.php failed as they are defined without taking this
local setting into account in define.php (GLPI_USE_CSRF_CHECK does respect it).

Is it possible to allow GLPI_CSRF_EXPIRES and GLPI_CSRF_MAX_TOKENS to be defined
via local_define.php?

i.e. something like
if (!defined('GLPI_CSRF_EXPIRES')) {
define("GLPI_CSRF_EXPIRES", "7200");
}
if (!defined('GLPI_CSRF_MAX_TOKENS')) {
define("GLPI_CSRF_MAX_TOKENS", "100");
}

Cheers.

Offline

#2 2023-01-20 10:17:38

M.sizec
Member
Registered: 2008-05-30
Posts: 133

Re: CSRF expiration extension via local_define.php

Yep, as told here
https://github.com/glpi-project/glpi/issues/12791

Offline

Pages: 1

Board footer

Powered by FluxBB