Project

General

Profile

Bug #4027

JSESSIONID is not expiring, causing a security risk

Added by Shaun Walbridge over 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
metacat
Target version:
Start date:
04/24/2009
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
4027

Description

The session ids used by Metacat are currently configured to timeout after 30,000 minutes, or ~3 weeks. This should probably be shortened to something more reasonable, as a security precaution. We already use cookies for the registry (perhaps elsewhere?) and may want to replace sessionid use purely with cookies.

History

#1 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 4027

#2 Updated by ben leinfelder over 6 years ago

  • Status changed from New to Closed

isn't this just 6 hours?

session.timeoutMinutes=360

Also available in: Atom PDF