Project

General

Profile

Actions

Bug #4027

closed

JSESSIONID is not expiring, causing a security risk

Added by Shaun Walbridge over 15 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Category:
metacat
Target version:
Start date:
04/24/2009
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
4027

Description

The session ids used by Metacat are currently configured to timeout after 30,000 minutes, or ~3 weeks. This should probably be shortened to something more reasonable, as a security precaution. We already use cookies for the registry (perhaps elsewhere?) and may want to replace sessionid use purely with cookies.

Actions

Also available in: Atom PDF