mailing list archives
From: Frank Oz <jedi31337 () gmail com>
Date: Thu, 19 Jan 2006 21:00:55 -0500
Just a quick question as I'm preparing a Web Portal document and wanted to
include some security pieces. This customer wants to have a 2-6 hour or even
umlimited timeout set for their user when they disconnect, because
they don't want to re-login every time.
If a user closes his browser and the session stays active, what else can a
hacker achieve during this time ?
Thanks for the help in advance !
- Session Hijacking Frank Oz (Jan 22)