[horde] Link only valid for 30 minutes behavior with log out
Michael J Rubinsky
mrubinsk at horde.org
Wed Jun 22 23:15:23 UTC 2011
Kareem Dana <kareem.dana at gmail.com> wrote:
>If I'm logged into horde, but idle for a while then come back and hit
>log
>out. I get the following message:
>
>This request cannot be completed because the link you followed or the
>form
>you submitted was only valid for 30 minutes. Please try again now.
>
>I understand the reason for having this when someone has been idle for
>a
>while, but I think when they hit log out and only log out, horde should
>log
>the user out regardless. Instead, it refreshes my session and I'm back
>to
>fully logged in and have to hit log out a second time. It can even
>improve
>security if a user hits log out, just assumes it will log them out and
>either leaves the pc right away or doesn't pay attention to what page
>loads
>next. I've done that from time to time. Any thoughts on this?
>--
>Horde mailing list
>Frequently Asked Questions: http://horde.org/faq/
>To unsubscribe, mail: horde-unsubscribe at lists.horde.org
This is to prevent logging a user out if they click on a malicious logout link someone may have crafted to your Horde server on a webpage/email etc... automatically logging the user out defeats the purpose of this feature.
--
Mike
Sent from mobile
More information about the horde
mailing list