Update session code to use minimal sessions

mozilla / vinz-clortho

INACTIVE - http://mzl.la/ghe-archive - BrowserID Keymaster for LDAP enabled Identity Providers

16 stars 21 forks source link

Update session code to use minimal sessions #6

Closed ozten closed 11 years ago

ozten commented 12 years ago

Taking Basic Auth or no Basic auth into account, figure out a minimal session like BigTent's updated code.

lloyd commented 11 years ago

I suggest we clearly outline the tunable security related parameters for final sec review - including cert duration and session duration... and make a group decision. suggest we close this for now and have a rollup "final sec review"