• Status New
  • Percent Complete
  • Task Type Feature Request
  • Category Backend/Core
  • Assigned To No-one
  • Operating System All
  • Severity Medium
  • Priority Very Low
  • Reported Version 1.0 devel (github master)
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by peterdd - 21.01.2019

FS#2536 - store session in Flyspray database

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?


  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?

ADODB has support for session management that already implements most of that and more

Project Manager

I know, but not yet looked at that feature of ADOdb.
ADOdb itself is not complete at some sections, so I am not 'All In' to ADOdb.
(I still try to support/improve sections which Flyspray requires - xmlschema03,mysql,posgresql,datadict.. )

Original I had another solution in mind which was used by a popular shopping software and had good experience over many years with it. Required only one file.

This thing is currently low priority and requires evaluation of the different solutions IMHO.


Available keyboard shortcuts


Task Details

Task Editing