Skip to content
This repository has been archived by the owner on Feb 12, 2023. It is now read-only.

Session Hijacking Prevention #504

Open
ChakshuGautam opened this issue Feb 3, 2021 · 0 comments
Open

Session Hijacking Prevention #504

ChakshuGautam opened this issue Feb 3, 2021 · 0 comments

Comments

@ChakshuGautam
Copy link

ChakshuGautam commented Feb 3, 2021
edited
Loading

I wanted to prevent users from getting the sessionID and using them on non logged in browsers. I have added the following

req.getSession(false).setMaxInactiveInterval(1); // To prevent session hijacking.

snippet here to discard cookies after one second.

aggregate/src/main/java/org/opendatakit/common/security/server/SecurityServiceImpl.java

Line 57 in bad4527

This seems to be working fine but I don't know the side effects of this approach. Anything else that I can do here?
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ChakshuGautam