security: forcibly expire old sessions #69

Closed
justcool393 wants to merge 1 commits from <deleted>:session-expiration into master

1 Commits (master)

Author SHA1 Message Date
justcool393 f19eefcfe7 security: forcibly expire old sessions
this helps to guard against a replay attack with session cookies.
we use the session for a number of things, including logged in status,
history, poorcel mode, etc. a user can be logged in indefinitely by
replaying their session cookie or doing something which resets the timer
(ex. toggling poor mode). this adds a session expiration to whatever the
SESSION_LIFETIME constant is, which shouldn't be too restrictive (login
sessions being valid for 1 year).
2022-12-14 17:59:00 -06:00
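
The absolute expiry the commit message describes, as an added example that is not code from this pull request or the project. `save_session`, `load_session`, the `created_at` field and `SECRET_KEY` are hypothetical names; `SESSION_LIFETIME` is the constant named in the message, with its value assumed here to be one year in seconds.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"    # constructed value, not a real secret
SESSION_LIFETIME = 60 * 60 * 24 * 365   # assumed: one year, in seconds


def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()


def save_session(data: dict, now: int) -> str:
    """Serialize and sign the session cookie.

    created_at is written once, when the session is first saved. Later saves
    (for example after toggling a preference) keep the original value, so
    activity cannot push the expiry forward.
    """
    data = dict(data)
    data.setdefault("created_at", now)
    body = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()


def load_session(cookie: str, now: int):
    """Return the session dict, or None if it is tampered, malformed or too old."""
    body, _, sig = cookie.rpartition(".")
    # Constant-time comparison of the signature over the encoded body.
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    created = data.get("created_at")
    # A validly signed cookie is still rejected once it is older than the
    # absolute lifetime; this is what stops a replayed cookie living forever.
    if not isinstance(created, int) or not 0 <= now - created <= SESSION_LIFETIME:
        return None
    return data
```

A replayed copy of the first cookie and a cookie re-issued after later activity both stop validating at the same moment, because the expiry is measured from `created_at` rather than from the last write.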