Commit Graph

1 Commits (8def9bb1a93b3163360496ac8fe61ad3445c7c45)

Author SHA1 Message Date
Clement Michaud b842792a16 Implement session inactivity timeout
This timeout will prevent an attacker from using a session that has been
inactive for too long.
This inactivity timeout combined with the timeout before expiration makes a
good combination of security mechanisms to prevent session theft.

If no activity timeout is provided, then the feature is disabled and only
session expiration remains as a protection.
2017-10-17 23:48:56 +02:00