Actions
Bug #4027
closedJSESSIONID is not expiring, causing a security risk
Start date:
04/24/2009
Due date:
% Done:
0%
Estimated time:
Bugzilla-Id:
4027
Description
The session ids used by Metacat are currently configured to timeout after 30,000 minutes, or ~3 weeks. This should probably be shortened to something more reasonable, as a security precaution. We already use cookies for the registry (perhaps elsewhere?) and may want to replace sessionid use purely with cookies.
Actions