dacdce6c50
This timeout will prevent an attacker from using a session that has been inactive for too long. This inactivity timeout combined with the timeout before expiration makes a good combination of security mechanisms to prevent session theft. If no activity timeout is provided, then the feature is disabled and only session expiration remains as a protection. |
||
|---|---|---|
| .. | ||
| errors | ||
| firstfactor | ||
| password-reset | ||
| secondfactor | ||
| verify | ||