Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.
 

Timeout never expires


#1

Hi,

I logged in without selecting [remember-me] checkbox. Nevetheless when I came to office next morning I was still logged in and was not redirected to login page as it should be when timeout had expired.
I checked it twice after I got complaints from my users.

  1. How can I make redirection to login page work after timeout expires?
  2. Can I handle timeout settings on my server?

Client machine:
Win7
IE8 (customer’s requirement)

Thank you in advance,
Tatiana


#2

Hello Tatiana,

Thanks for your posting. TestRail doesn’t log you out after a specific time and the session stays active until you close the browser (if you don’t enable the remember-me checkbox, see below). I would recommend logging out manually or simply closing the browser if you no longer need access to TestRail.

If you enable the remember-me checkbox, TestRail keeps the session active even after you’ve closed your browser window/tab (via a cookie). You can then still log out (and clear the cookies) with the Logout link at the top of the page.

I hope this helps and please let me know in case you have any further questions!

Regards,
Tobias


#3

Hello Tobias,

Thank you for a quick reply.
Shame TestRail doesn’t have feature to deactivate your session after timeout in an opened browser. For security reasons many applications do this (e.g. Test Link)
Probably you might look at this feature in next releases.

Anyway, TestRail is a very good application for Test Management and we are considering the possibility of buying it.

Kind regards,
Tatiana


#4

Hello Tatiana,

Thanks for the update. While I understand your point, signing out users after a timeout is no longer a very common concept in (modern) web applications (except maybe for online banking). We recommend just closing the browser if you no longer need access to TestRail instead.

From a security perspective it’s usually a better idea to end the session when the web browser is closed and we specifically configure the session cookie so that the browser deletes it immediately when the browser is closed.

Great to hear that you enjoy working with TestRail so far and please let me know in case you have any further questions!

Regards,
Tobias