Forked from sucssite / sucs-site
    ead753dc
    Attempt to fix some issues with the session library, including:
    Graham Cole authored
    - Begin to stop it being so logout happy for ordinary users who aren't doing anything particularly sensitive on the site by keeping track of when a user was last asked for credentials
    - Don't continue to use the same session identifier once a user is logged in; it's likely been sent insecurely
    - Mark session cookies as "SSL only" once logged in
    - Automatically bump users from HTTP to HTTPS for all requests whilst they're logged in
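
The first three points of the commit message, as an added Python example that is not the project's own code (the commit's diff is not shown on this page). `SessionStore`, the cookie name `session`, the `HttpOnly` attribute and the 15-minute `REAUTH_WINDOW` are assumptions made for illustration.

```python
import secrets
import time

REAUTH_WINDOW = 15 * 60  # assumed: seconds for which a credential prompt counts as recent


class SessionStore:
    """In-memory stand-in for a site's session table (hypothetical)."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        """Anonymous session, as handed to a visitor before login."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None, "last_auth": None}
        return sid

    def login(self, old_sid, user, now=None):
        """On successful login, drop the pre-login id and issue a fresh one."""
        now = time.time() if now is None else now
        # The old id may already have crossed plain HTTP, so it must not
        # become the identifier of an authenticated session.
        self.sessions.pop(old_sid, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "last_auth": now}
        return sid

    def user_for(self, sid):
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None

    def needs_reauth(self, sid, now=None):
        """True when a sensitive action should prompt for credentials again.

        Ordinary browsing never calls this, so the user stays logged in.
        """
        now = time.time() if now is None else now
        entry = self.sessions.get(sid)
        if not entry or entry["user"] is None:
            return True
        return now - entry["last_auth"] > REAUTH_WINDOW


def cookie_header(store, sid):
    """Set-Cookie value; Secure ("SSL only") is set once the session is logged in."""
    attrs = [f"session={sid}", "Path=/", "HttpOnly"]  # HttpOnly: added hardening, not in the commit
    if store.user_for(sid):
        attrs.append("Secure")
    return "; ".join(attrs)
```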