Project

General

Profile

Actions

Todo #14264

open

Consider lowering default session timeout from current default of four hours (240m)

Added by Jim Pingle over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Plus-Next
Release Notes:
Default

Description

The current session timeout is 240 minutes (four hours), but it might be time to lower that a bit. Current concerns with session hijacking make that seem like a larger window than it should be by default.

It's hard to say what the most optimal secure value here is without irritating the user, but it may be at least enough to cut it in half (two hours, 120 minutes) and see what the user experience is like.

Users are always free to change the value as they see fit (System > User Manager, Settings tab) so anyone with immediate concerns can lower it themselves now, and if someone finds whatever the new default value is too short, they could raise it themselves as well.

No data to display

Actions

Also available in: Atom PDF