Project

General

Profile

Actions
Copy link

Bug #4027

closed

JSESSIONID is not expiring, causing a security risk

Added by Shaun Walbridge almost 15 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Michael Daigle
Category:
metacat
Target version:
Unspecified
Start date:
04/24/2009
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
4027

Description

The session ids used by Metacat are currently configured to timeout after 30,000 minutes, or ~3 weeks. This should probably be shortened to something more reasonable, as a security precaution. We already use cookies for the registry (perhaps elsewhere?) and may want to replace sessionid use purely with cookies.

Actions
Copy link
 #1

Updated by Redmine Admin about 11 years ago

Original Bugzilla ID was 4027

Actions
Copy link
 #2

Updated by ben leinfelder about 11 years ago

  • Status changed from New to Closed

isn't this just 6 hours?

session.timeoutMinutes=360

Actions
Copy link

Also available in: Atom PDF