Invalid Security Token timeout with delayed note submit

Anagoge
Posts: 2
Joined: 30 Jul 2010, 17:34

Invalid Security Token timeout with delayed note submit

Post by Anagoge »

If I go into a bug and type in a long note and come to it several hours later to finish the note, I get an error reading like Invalid Security Token when I try to submit the note and then the browser back button erases the note text. This has happened several times to me, and I assume it is a timeout feature for added security. Is there any way to make this timeout much longer (at least a couple of days in length), to prevent data loss like this? I'm using Mantis 1.2.0 on a Linux server, with no customizations.
atrol
Site Admin
Posts: 8378
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Invalid Security Token timeout with delayed note submit

Post by atrol »

You can disable session validation by adding the following line to file config_inc.php

$g_session_validation = OFF;
And yes, this is a potential security risk.
There are also PHP settings (php.ini) which influence session timeouts. I am no expert on this; please check the PHP documentation.
Please use Search before posting and read the Manual
Anagoge
Posts: 2
Joined: 30 Jul 2010, 17:34

Re: Invalid Security Token timeout with delayed note submit

Post by Anagoge »

I don't have direct access to the command line or the files on the web site, so I instead installed a Firefox add-in called Lazarus Form Recovery which auto-saves a web form's contents for later retrieval. It works around this issue for me:
http://lazarus.interclue.com/

On many web sites, I can use the back button and successfully retrieve text I typed into an HTML textarea when the submit fails. Since it works in some cases, I assume it is an HTTP/HTML header setting that prevents this with Mantis pages (such as Cache-Control). Maybe that could be tweaked, so the security timeout feature was still in place, but the HTML page would not be refreshed/cleared when you use the back button? Sorry, I don't know more about HTTP or HTML to make a better suggestion, and there might be good reasons you don't want the data cached, such as refresh problems if the cache is stale or other security issues.
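
One server-side way to do what the last post asks for, added here as an example and not MantisBT's own code: the token check stays in place, but a failed check returns the form with the typed note (HTML-escaped) and a fresh token instead of discarding the text. The function names, the session array layout and the one-hour TOKEN_TTL are assumptions, and the login session itself is assumed to still be alive.

```php
<?php
// Added example, not MantisBT code. All names and values are hypothetical.
const TOKEN_TTL = 3600; // seconds a form token stays valid (assumed value)

// Issue a token bound to the session and remember when it was created.
function issue_token(array &$session, int $now): string {
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$token] = $now;
    return $token;
}

// Single-use check: the token must exist in this session and be fresh.
function token_is_valid(array &$session, string $token, int $now): bool {
    $issued = $session['form_tokens'][$token] ?? null;
    unset($session['form_tokens'][$token]);
    return $issued !== null && ($now - $issued) <= TOKEN_TTL;
}

// Render the note form; user text is HTML-escaped before being echoed back.
function render_form(string $token, string $note = '', string $msg = ''): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<p>' . $e($msg) . '</p>'
         . '<form method="post">'
         . '<input type="hidden" name="token" value="' . $e($token) . '">'
         . '<textarea name="note">' . $e($note) . '</textarea>'
         . '<button>Add note</button></form>';
}

// Returns [saved?, html]. On a bad token nothing is stored; the form comes
// back with the typed text and a fresh token, so the user must submit again.
function handle_submit(array &$session, array $post, int $now): array {
    $note = (string)($post['note'] ?? '');
    if (!token_is_valid($session, (string)($post['token'] ?? ''), $now)) {
        $html = render_form(issue_token($session, $now), $note,
            'Your form expired. Review the text and submit again.');
        return [false, $html];
    }
    return [true, '<p>Note saved.</p>'];
}

// Constructed demo: token issued, note submitted five hours later.
$session = [];
$t0 = 1000000;
$old = issue_token($session, $t0);
$post = ['token' => $old, 'note' => 'long <b>note</b>'];
[$saved, $html] = handle_submit($session, $post, $t0 + 5 * 3600);
var_dump($saved);
echo $html, "\n";
```

The expired submission is never acted on: the note is only stored after a second, deliberate submit that carries the fresh token.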