  1. Red Hat 3scale API Management
  2. THREESCALE-6647

Customize Session Inactivity and Maximum Timeout for developer portal


    • Feature Request
    • Resolution: Duplicate
    • Major
    • SaaS, 2.9.1 GA
    • System

      A developer has signed in to the 3scale developer portal and kept the tab inactive for over one day; afterwards, the next day, they can still edit their account info without reauthentication.
      These session aspects should be customizable for developer portal:
      1. Session Inactivity Timeout value, i.e. 15 minutes as most net banks do
      2. Session Maximum Timeout value, i.e. 2 hours

      These overly long Inactivity Timeout and Max Session Timeout values provide threat actors more opportunities for session hijacking.

            rhn-support-cpalmier Carlo Palmieri (Inactive)
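The two limits requested in this issue, enforced server-side on every request, shown as an added example that is not 3scale code and not part of the original report. `SessionRecord`, `SessionPolicy` and the scenario helpers are hypothetical names, and the sketch assumes both timestamps are stored on the server rather than in the client's cookie.

```ruby
# Hypothetical server-side session record: both timestamps are seconds.
SessionRecord = Struct.new(:created_at, :last_seen_at)

class SessionPolicy
  def initialize(idle_timeout:, max_lifetime:)
    @idle_timeout = idle_timeout   # seconds allowed without any request
    @max_lifetime = max_lifetime   # seconds since login, regardless of activity
  end

  # Returns :ok, :idle_expired or :absolute_expired for a session at time `now`.
  def status(session, now)
    return :absolute_expired if now - session.created_at >= @max_lifetime
    return :idle_expired     if now - session.last_seen_at >= @idle_timeout
    :ok
  end

  # Call on every authenticated request. Only a still-valid session has its
  # idle clock reset; created_at is never updated, so continuous activity
  # cannot extend the session past the absolute limit.
  def touch(session, now)
    result = status(session, now)
    session.last_seen_at = now if result == :ok
    result
  end
end

# Values proposed in the request: 15 minutes idle, 2 hours maximum.
POLICY = SessionPolicy.new(idle_timeout: 15 * 60, max_lifetime: 2 * 60 * 60)

# Constructed scenario: log in at t=0, send the next request after `idle_seconds`.
def idle_then_request(idle_seconds)
  POLICY.touch(SessionRecord.new(0, 0), idle_seconds)
end

# Constructed scenario: one request every 10 minutes until `until_seconds`.
def active_every_ten_minutes(until_seconds)
  session = SessionRecord.new(0, 0)
  result = :ok
  (600..until_seconds).step(600) { |t| result = POLICY.touch(session, t) }
  result
end
```

A result other than `:ok` means the server should destroy the session record and require reauthentication before the request is processed.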