View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009810 | mantisbt | authentication | public | 2008-11-13 11:44 | 2009-01-27 12:52 |
Reporter | thraxisp | Assigned To | |
Priority | normal | Severity | minor | Reproducibility | always |
Status | acknowledged | Resolution | open |
Product Version | 1.1.2 |
Summary | 0009810: login cookie never changes |
Description | It appears that the Mantis cookie value only changes when the password changes (which may be never, if LDAP authentication is used). We should change the cookie periodically, say, on every login. This may be a security issue. |
Tags | No tags attached. |
I agree with the concept. The question is: do we want a user logging in on machine X to be logged out from Y?

Here is a good login cookie process: http://jaspan.com/improved_persistent_login_cookie_best_practice
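A sketch of the series-and-token approach the linked article describes, added here as an example; it is not part of the issue thread and not MantisBT code. Each browser gets its own series whose token rotates on every cookie login, so a login on machine X leaves machine Y's cookie valid. The class and method names, the `user:series:token` cookie layout, the in-memory table and the hashing of stored tokens are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


class PersistentLoginStore:
    """In-memory stand-in for a server-side token table (hypothetical)."""

    def __init__(self):
        # (user, series) -> SHA-256 of the current token; raw tokens are not stored
        self._rows = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Password login: create a new series for this browser only."""
        series = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        self._rows[(user, series)] = self._digest(token)
        return f"{user}:{series}:{token}"

    def redeem(self, cookie):
        """Cookie login. Returns (status, replacement cookie or None)."""
        try:
            user, series, token = cookie.rsplit(":", 2)
        except ValueError:
            return "invalid", None
        stored = self._rows.get((user, series))
        if stored is None:
            return "invalid", None
        if not hmac.compare_digest(stored, self._digest(token)):
            # Known series but stale token: an older copy of the cookie is in
            # use somewhere. Revoke every remembered login for this user.
            for key in [k for k in self._rows if k[0] == user]:
                del self._rows[key]
            return "theft-suspected", None
        # Valid: keep the series, rotate the token, hand back the new cookie.
        new_token = secrets.token_urlsafe(32)
        self._rows[(user, series)] = self._digest(new_token)
        return "ok", f"{user}:{series}:{new_token}"
```

A `theft-suspected` result is the point at which an application would force a fresh password login and warn the user.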