rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity

security: forcibly expire old sessions #69

Closed
justcool393 wants to merge 1 commits from <deleted>:session-expiration into master
pull from: <deleted>:session-expiration
merge into: rDrama:master
Conversation 2 Commits 1 Files Changed 1
justcool393 commented 2022-12-14 23:59:37 +00:00

this helps to guard against a replay attack with session cookies.
we use the session for a number of things, including logged in status,
history, poorcel mode, etc. a user can be logged in indefinitely by
replaying their session cookie or doing something which resets the timer
(ex. toggling poor mode). this adds a session expiration to whatever the
SESSION_LIFETIME constant is, which shouldn't be too restrictive (login
sessions being valid for 1 year).

this helps to guard against a replay attack with session cookies. we use the session for a number of things, including logged in status, history, poorcel mode, etc. a user can be logged in indefinitely by replaying their session cookie or doing something which resets the timer (ex. toggling poor mode). this adds a session expiration to whatever the SESSION_LIFETIME constant is, which shouldn't be too restrictive (login sessions being valid for 1 year).
🎉 1
justcool393 added 1 commit 2022-12-14 23:59:38 +00:00
f19eefcfe7 security: forcibly expire old sessions 
this helps to guard against a replay attack with session cookies.
we use the session for a number of things, including logged in status,
history, poorcel mode, etc. a user can be logged in indefinitely by
replaying their session cookie or doing something which resets the timer
(ex. toggling poor mode). this adds a session expiration to whatever the
SESSION_LIFETIME constant is, which shouldn't be too restrictive (login
sessions being valid for 1 year).
Aevann commented 2022-12-22 16:36:01 +00:00
Owner

fixes problem that doesnt exist

fixes problem that doesnt exist
Aevann closed this pull request 2022-12-22 16:36:02 +00:00
Aevann commented 2022-12-22 16:36:17 +00:00
Owner

check discord DMs

check discord DMs

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working   
duplicate

This issue or pull request already exists   
feature

New feature   
good first issue

New and want to help?   
help wanted

Need some help   
improvement

Code-focused: maintenance, refactoring   
invalid

Something is wrong   
question

More information is needed   
wontfix

This won't be fixed
No Label
bug
duplicate
feature
good first issue
help wanted
improvement
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: rDrama/rDrama#69
There is no content yet.
Delete Branch "<deleted>:session-expiration"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?