增强：全局连接控制界面逻辑编码完成，准备实现核心服务的业务处理逻辑。

server/www/teleport/static/js/system/config.js

@@ -533,26 +533,26 @@ $app.create_config_sess = function () {
 
     _sess.update_dom_session_cfg = function (sess) {
         _sess.dom.btn_sess_rdp_allow_clipboard.removeClass('tp-selected');
-        if (sess.rdp_allow_clipboard)
+        if (sess.flag_rdp & TP_FLAG_RDP_CLIPBOARD)
             _sess.dom.btn_sess_rdp_allow_clipboard.addClass('tp-selected');
 
         _sess.dom.btn_sess_rdp_allow_disk.removeClass('tp-selected');
-        if (sess.rdp_allow_disk)
+        if (sess.flag_rdp & TP_FLAG_RDP_DISK)
             _sess.dom.btn_sess_rdp_allow_disk.addClass('tp-selected');
 
         _sess.dom.btn_sess_rdp_allow_console.removeClass('tp-selected');
-        if (sess.rdp_allow_console)
+        if (sess.flag_rdp & TP_FLAG_RDP_CONSOLE)
             _sess.dom.btn_sess_rdp_allow_console.addClass('tp-selected');
 
         _sess.dom.btn_sess_ssh_allow_shell.removeClass('tp-selected');
-        if (sess.ssh_allow_shell)
+        if (sess.flag_rdp & TP_FLAG_SSH_SHELL)
             _sess.dom.btn_sess_ssh_allow_shell.addClass('tp-selected');
 
         _sess.dom.btn_sess_ssh_allow_sftp.removeClass('tp-selected');
-        if (sess.ssh_allow_sftp)
+        if (sess.flag_rdp & TP_FLAG_SSH_SFTP)
             _sess.dom.btn_sess_ssh_allow_sftp.addClass('tp-selected');
 
-        _sess.dom.input_noop_timeout.val(sess.timeout);
+        _sess.dom.input_noop_timeout.val(sess.noop_timeout);
     };
 
     _sess.on_btn_save = function () {

server/www/teleport/webroot/app/base/configs.py

@@ -494,6 +494,25 @@ class AppConfig(BaseAppConfig):
             # self.sys.login.auth = TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA | TP_LOGIN_AUTH_USERNAME_OATH | TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH
             self.sys.login.auth = TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA | TP_LOGIN_AUTH_USERNAME_PASSWORD_OATH
 
+        # =====================================
+        # 连接控制相关
+        # =====================================
+        try:
+            _sess = json.loads(conf_data['session'])
+        except:
+            log.w('session config not set or invalid, use default.\n')
+            _sess = {}
+
+        self.sys.session = tp_convert_to_attr_dict(_sess)
+        if not self.sys.session.is_exists('noop_timeout'):
+            self.sys.session.noop_timeout = 15  # 15 minute
+        if not self.sys.session.is_exists('flag_record'):
+            self.sys.session.flag_record = TP_FLAG_ALL  # TP_FLAG_RECORD_REPLAY | TP_FLAG_RECORD_REAL_TIME
+        if not self.sys.session.is_exists('flag_rdp'):
+            self.sys.session.flag_rdp = TP_FLAG_ALL  # TP_FLAG_RDP_DESKTOP | TP_FLAG_RDP_CLIPBOARD | TP_FLAG_RDP_DISK | TP_FLAG_RDP_CONSOLE
+        if not self.sys.session.is_exists('flag_ssh'):
+            self.sys.session.flag_ssh = TP_FLAG_ALL  # TP_FLAG_SSH_SHELL | TP_FLAG_SSH_SFTP
+
         # =====================================
         # SMTP相关
         # =====================================

server/www/teleport/webroot/app/controller/system.py

@@ -250,7 +250,7 @@ class DoSaveCfgHandler(TPBaseJsonHandler):
                 else:
                     return self.write_json(err)
 
-            if 'password' in args:
+            elif 'password' in args:
                 _cfg = args['password']
                 _allow_reset = _cfg['allow_reset']
                 _force_strong = _cfg['force_strong']
@@ -263,7 +263,7 @@ class DoSaveCfgHandler(TPBaseJsonHandler):
                 else:
                     return self.write_json(err)
 
-            if 'login' in args:
+            elif 'login' in args:
                 _cfg = args['login']
                 _session_timeout = _cfg['session_timeout']
                 _retry = _cfg['retry']
@@ -279,7 +279,23 @@ class DoSaveCfgHandler(TPBaseJsonHandler):
                 else:
                     return self.write_json(err)
 
-            if 'storage' in args:
+            elif 'session' in args:
+                _cfg = args['session']
+                _noop_timeout = _cfg['noop_timeout']
+                _flag_record = _cfg['flag_record']
+                _flag_rdp = _cfg['flag_rdp']
+                _flag_ssh = _cfg['flag_ssh']
+                err = system_model.save_config(self, '更新连接控制设置', 'session', _cfg)
+                if err == TPE_OK:
+                    tp_cfg().sys.session.noop_timeout = _noop_timeout
+                    tp_cfg().sys.session.flag_record = _flag_record
+                    tp_cfg().sys.session.flag_rdp = _flag_rdp
+                    tp_cfg().sys.session.flag_ssh = _flag_ssh
+                    tp_session().update_default_expire()
+                else:
+                    return self.write_json(err)
+
+            elif 'storage' in args:
                 _cfg = args['storage']
                 _keep_log = _cfg['keep_log']
                 _keep_record = _cfg['keep_record']
@@ -299,6 +315,8 @@ class DoSaveCfgHandler(TPBaseJsonHandler):
                     tp_cfg().sys.storage.cleanup_minute = _cleanup_minute
                 else:
                     return self.write_json(err)
+            else:
+                return self.write_json(TPE_PARAM)
 
             return self.write_json(TPE_OK)
         except: