EarthSystemCoG / COG

COG source code
BSD 3-Clause "New" or "Revised" License
8 stars 16 forks source link

Add a session timeout for security #1196

Open murphysj opened 8 years ago

murphysj commented 8 years ago

WHO: Sylvia

According to OWASP, we should have a session timeout so someone can not come behind another user on a public computer and use their session if they don't log out.

a) Create timeout b) Does logging out delete the session ID? If not, we should do that too.