[Tickets #12136] Re: Session Timeout not enforced
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Apr 16 19:33:09 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12136
------------------------------------------------------------------------------
Ticket | 12136
Updated By | o+horde at immerda.ch
Summary | Session Timeout not enforced
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
o+horde at immerda.ch (2013-04-16 19:33) wrote:
oh now i see the new commits.
as far as i can tell, they make the problem worse, as they combine
cookie lifetime and gc_maxlifetime into one config setting. so now i
cannot even get the weak security properties of setting
gc_maxlifetime, since it also affects cookie lifetime.
and as the comment in the config file correctly states, setting cookie
lifetime to "a non-zero value is NOT RECOMMENDED [...] this will most
certainly not work the way you want/think it should"
so why even provide this option??
More information about the bugs
mailing list