Sanjay Kumar Sahu created RANGER-3919:
-----------------------------------------
Summary: Adding automatically terminate a session after a
predefined timeout period (60 minutes) of inactivity.
Key: RANGER-3919
URL: https://issues.apache.org/jira/browse/RANGER-3919
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.3.0
Reporter: Sanjay Kumar Sahu
Web applications do not automatically terminate a session
after a predefined timeout period (60 minutes) of inactivity.
Adding automatically terminate a session
after a predefined timeout period (60 minutes) of inactivity.
This issue increases the window of opportunity for an attacker to gain
unauthorized access to a user’s session. However, in order to exploit this
issue, an attacker still needs to obtain a
valid session ID tokens.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
