[MAGNOLIA-7332] Magnolia Admin: Session Timeout not implemented: Created: 04/Jun/18  Updated: 10/Mar/21  Resolved: 10/Mar/21

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Neutral
Reporter: Mark Cunningham
Assignee: Unassigned
Resolution: Not an issue
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Description

Session Timeout not implemented:

Description
The application login session did not expire after a period of inactivity or idle time, which means that as
long as the user's web browser remains open the session will still be valid.

Details
The application did not have a session timeout mechanism implemented in the main
functionality. This could leave a user’s session exposed to abuse if unattended.

Recommendations
After a set period of inactivity the session information should be destroyed and the user logged out.
Typically, the period of inactivity is set to twenty minutes for many applications; however, this should be
set according to security policy; the effect on application usability may also be a consideration or trade-off.

