Project

General

Profile

Actions

Bug #4027

closed

JSESSIONID is not expiring, causing a security risk

Added by Shaun Walbridge almost 14 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Category:
metacat
Target version:
Start date:
04/24/2009
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
4027

Description

The session ids used by Metacat are currently configured to timeout after 30,000 minutes, or ~3 weeks. This should probably be shortened to something more reasonable, as a security precaution. We already use cookies for the registry (perhaps elsewhere?) and may want to replace sessionid use purely with cookies.

Actions #1

Updated by Redmine Admin almost 10 years ago

Original Bugzilla ID was 4027

Actions #2

Updated by ben leinfelder almost 10 years ago

  • Status changed from New to Closed

isn't this just 6 hours?

session.timeoutMinutes=360

Actions

Also available in: Atom PDF