  1. Magnolia
  2. MAGNOLIA-7332

Magnolia Admin: Session Timeout not implemented:


Details

    • Bug
    • Resolution: Not an issue
    • Neutral

    Description

      Session Timeout not implemented:

      Description
      The application login session did not expire after a period of inactivity or idle time, which means that as
      long as the user's web browser remains open the session will still be valid.

      Details
      The application did not have a session timeout mechanism implemented in the main
      functionality. This could leave a user’s session exposed to abuse if unattended.

      Recommendations
      After a set period of inactivity the session information should be destroyed and the user logged out.
      Typically, the period of inactivity is set to twenty minutes for many applications; however, this should be
      set according to security policy; the effect on application usability may also be a consideration or trade-off.
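
The idle-timeout behaviour recommended above, as an added example (not part of the original report and not Magnolia's code): each request refreshes a last-activity timestamp, and a session idle longer than the limit is destroyed server-side. The class `IdleSessionStore`, its methods, the session id and the timestamps are assumptions made for illustration; the twenty-minute limit is the figure from the report.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Hypothetical idle-timeout session store (illustration only, not Magnolia code). */
public class IdleSessionStore {
    private final Map<String, Instant> lastSeen = new ConcurrentHashMap<>();
    private final Duration maxIdle;
    private final Supplier<Instant> clock; // injectable so the timeout can be tested

    public IdleSessionStore(Duration maxIdle, Supplier<Instant> clock) {
        this.maxIdle = maxIdle;
        this.clock = clock;
    }

    public void create(String sessionId) {
        lastSeen.put(sessionId, clock.get());
    }

    /** Call on every authenticated request; false means "send the user to login". */
    public boolean touch(String sessionId) {
        Instant now = clock.get();
        // Atomic per key: an expired entry is removed (null), a live one is refreshed.
        Instant kept = lastSeen.computeIfPresent(sessionId, (id, seen) ->
                Duration.between(seen, now).compareTo(maxIdle) > 0 ? null : now);
        return kept != null;
    }

    /** Run periodically so abandoned sessions are destroyed without a further request. */
    public void sweep() {
        Instant cutoff = clock.get().minus(maxIdle);
        lastSeen.values().removeIf(seen -> seen.isBefore(cutoff));
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T09:00:00Z") }; // constructed start time
        IdleSessionStore store = new IdleSessionStore(Duration.ofMinutes(20), () -> now[0]);
        store.create("s1"); // constructed session id

        now[0] = now[0].plus(Duration.ofMinutes(19));
        System.out.println("after 19 min idle: " + store.touch("s1"));
        now[0] = now[0].plus(Duration.ofMinutes(19)); // activity above reset the timer
        System.out.println("19 min after that: " + store.touch("s1"));
        now[0] = now[0].plus(Duration.ofMinutes(21));
        System.out.println("after 21 min idle: " + store.touch("s1"));
        System.out.println("replayed session id: " + store.touch("s1"));
    }
}
```

The expiry decision is made on the server from the server's clock, so a browser left open cannot keep an unattended session alive on its own.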


            People

              Unassigned
              Mark Cunningham
              Votes: 1
              Watchers: 2
