Unused session cookies remain valid for very long periods
Bug #833308 reported by
Robert Collins
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Triaged
|
High
|
Unassigned | ||
Bug Description
This is about unused session cookies - cookies that are in use should be rotated (see bug 118599) but cookies that are not in use should be purged reasonably rapidly. The exact duration should probably be that used by Ubuntu SSO - shorter than that is meaningless and longer than that reduces the security policy Ubuntu SSO is providing.
To post a comment you must log in.
