dacdce6c50
This timeout will prevent an attacker from using a session that has been inactive for too long. This inactivity timeout combined with the timeout before expiration makes a good combination of security mechanisms to prevent session theft. If no activity timeout is provided, then the feature is disabled and only session expiration remains as a protection. |
||
---|---|---|
.. | ||
step_definitions | ||
support | ||
access-control.feature | ||
auth-portal-redirection.feature | ||
authentication.feature | ||
basic-auth.feature | ||
forward-headers.feature | ||
redirection.feature | ||
regulation.feature | ||
reset-password.feature | ||
resilience.feature | ||
restrictions.feature | ||
session-timeout.feature |