https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42924
Bug ID: 42924
Summary: Restore default MaxAge for CSRF token
Initiative type: ---
Sponsorship ---
status:
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Target Milestone: ---
Bug 17110 lowered the default MaxAge for the CSRF token from 1 week to 8 hours,
but that has led to increased usability problems for negligible security gains.
I propose to restore the default which is closer to the per-session approach
for CSRF tokens which tends to be the default in many web frameworks like
Django.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/