• Status Closed
  • Percent Complete
  • Task Type TODO
  • Category User Interface
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version 1.0-rc9
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by Taeress - 29.07.2019
Last edited by peterdd - 29.07.2019

FS#2558 - annoying wrongtoken


First of all, i love flyspray, i use it since years. Thanks you for your jobs.

I’m not sure if it’s a bug or improvement ask, but i want to express my dissatisfaction with the tokens. As many (majority?) user, i have many tab open, include flypray. I don’t use it during a moment and then want add a comment… I write it conscientiously, valid… WRONG TOKEN ! all my comment is delete ! it’s so annoying ! if i try precendent page or refresh it, it’s not change : comment is still totally gone ! it’s happen often as i forget all time to refresh the tab before add comment.

So please do something for keep session or a way to keep the comment writing.

Thanks you.

(i use the last flyspray version, all work fine except that).

Closed by  peterdd
29.07.2019 13:25
Reason for closing:  Duplicate
Additional comments about closing:  


Project Manager

I related some existing tasks.

May I ask what OS/Linux version you use?

Some systems use their own session cleanup scripts. And some with timeouts like 15 or 30 minutes only by default. You can fiddle with php parameters to extend the timeouts if you have control of server. See the related tasks.

The real solution for Flyspray is probably an configuration option to store the sessions in a session database table and Flyspray itself handles outdated session if necessary, not the operating systemm that does not know about how the app works.

Beside that, handling sessions in own session db table has some gain in other areas, like getting information of number of logged in users or notifications within browser tabs, not only by email/xmpp.

Project Manager

In FS#2316 there is some discussion.

I'm not an expert but your solution sound like good.

Flyspray is install in a linux share hosting than run cpanel 82.0.5, php 7.3, apache 2.4.39, sql 10.3.16-MariaDB, session.gc_maxlifetime 1440.

So actually if i increase php session time for flyspray to unlimited, there will be no more wrong token for comment?

A lot informations in this post indeed, thank you i will check.

Project Manager


It probably depends what Linux distribution your shared hosting is using and what their cleanup scripts of the server really do.

I tried with a default Debian 10 install in a vagrant box, installed Flyspray 1.0-rc9, logged in, opened task 1, added a random word as comment but not send and not do interact with that Flyspray for over 30 minutes.

In this Debian10 default:
- sessions are stored at /var/lib/php/sessions/
- a cronjob runs /usr/lib/php/sessionclean every 30 minutes

So if you have access to /var/lib/php/sesssion/ on that Debian you can watch if sess_* files get deleted when waiting long enough.


Available keyboard shortcuts


Task Details

Task Editing