Commit Graph

1 Commits (c2dd244c9f5158fac5d41e4ad12ed1a2b4d0b425)

Author SHA1 Message Date
Clement Michaud b842792a16 Implement session inactivity timeout
This timeout will prevent an attacker from using a session that has been
inactive for too long.
This inactivity timeout combined with the timeout before expiration makes a
good combination of security mechanisms to prevent session theft.

If no activity timeout is provided, then the feature is disabled and only
session expiration remains as a protection.
2017-10-17 23:48:56 +02:00