Also, all cookies are not using secure flag which is compromising the security of the user in case of xss injection.
[BUG] Login cookie expires too soon (even if remember me is checked)
[BUG] Login cookie expires too soon (even if remember me is checked)
We need to fix this, because session ends after an hour.
Also, all cookies are not using secure flag which is compromising the security of the user in case of xss injection.
Also, all cookies are not using secure flag which is compromising the security of the user in case of xss injection.
-
Richterlevania3
- Posts: 6
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
For me it's even weirder: if I check the remember me option, it won't let me login at all, saying my password is wrong and throwing captchas at me.
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
Admitadly we have not done a great job of handling the forum SSO and login features.
We should have those fixes to the session timeout and Secure flag set now. Could you confirm when you get a chance?
We should have those fixes to the session timeout and Secure flag set now. Could you confirm when you get a chance?
Sincerely,
Kestrel
Your Temporary Part Time Community Manager - Full Time Developer
Kestrel
Your Temporary Part Time Community Manager - Full Time Developer
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
Unfortunately, it's still not fixed as the tw_sso cookie which controls the duration of login session is still only 2 hours long.
Who is online
Users browsing this forum: No registered users and 2 guests