View Issue Details

ID: 0009810
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2009-01-27 12:52
Reporter: thraxisp
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: acknowledged
Resolution: open
Product Version: 1.1.2
Summary: 0009810: login cookie never changes
Description

It appears that the Mantis cookie value only changes when the password changes (which may be never, if LDAP authentication is used). We should change the cookie periodically, say, on every login.

This may be a security issue.

Tags: No tags attached.

Relationships

has duplicate: 0012277 (closed, dhx) Cookie tokens are constant for a particular user

Activities

vboctor

2008-11-13 14:10

manager   ~0019872

I agree with the concept. The question is: do we want a user logging in on machine X to be logged out from Y?

thraxisp

2009-01-27 12:52

reporter   ~0020730

Here is a good login cookie process: http://jaspan.com/improved_persistent_login_cookie_best_practice
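
Added example (not part of this thread, not MantisBT code, and not taken from the linked article): a Python sketch of issuing a fresh random cookie token on every login while keeping one token per machine, so a login on machine X does not log out machine Y. The `LoginTokenStore` class and its in-memory table are hypothetical stand-ins for a database table.

```python
import hashlib
import secrets


class LoginTokenStore:
    """Hypothetical per-login token table (in memory; a real one would be a DB table)."""

    def __init__(self):
        # Maps sha256(token) -> username. Only the digest is stored, so a
        # leaked table does not hand out usable cookie values.
        self._tokens = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username):
        """Call on every successful login: mint a new random cookie value."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = username
        return token  # goes into the cookie; never stored in clear

    def verify(self, token):
        """Return the username this cookie belongs to, or None if unknown."""
        return self._tokens.get(self._digest(token))

    def revoke(self, token):
        """Logout on one machine: drop only that machine's token."""
        self._tokens.pop(self._digest(token), None)

    def revoke_all(self, username):
        """Password change or suspected cookie theft: log out every machine."""
        stale = [d for d, user in self._tokens.items() if user == username]
        for d in stale:
            del self._tokens[d]


if __name__ == "__main__":
    store = LoginTokenStore()
    cookie_x = store.issue("alice")  # constructed sample user, machine X
    cookie_y = store.issue("alice")  # same user, machine Y
    print("tokens differ per login:", cookie_x != cookie_y)
    store.revoke(cookie_x)           # logout on X only
    print("X valid:", store.verify(cookie_x), "| Y valid:", store.verify(cookie_y))
```

Because each login gets its own row, the cookie value changes on every login even when the password never does (the LDAP case in the description), and revocation can target one machine or all of them.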