| commit | 9a66f0c90449547dd32164a6ed958a4055244f69 | |
| author | Edward Z. Yang <edwardzyang@thewritingpot.com> | |
| Thu, 7 Aug 2008 14:21:18 +0000 (7 10:21 -0400) | ||
| committer | Edward Z. Yang <edwardzyang@thewritingpot.com> | |
| Thu, 7 Aug 2008 14:21:18 +0000 (7 10:21 -0400) | ||
| tree | d08a5ad32f36f0cbbd9c065b7f25975c0bc0ae67 | treesnapshot (tar.gz zip) |
| parent | e9c8af09eb0ef6814a0771fa93ee697b8cf91d3b | commitdiff |
Add a two hour expiration on all tokens.
Warning: If there is no secret key, this can be trivially modified by the owner
of the session ID/cookie (and possibly the key) to have an arbitrary end
time on the token. We don't expect this to cause any security problems,
however.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
Warning: If there is no secret key, this can be trivially modified by the owner
of the session ID/cookie (and possibly the key) to have an arbitrary end
time on the token. We don't expect this to cause any security problems,
however.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
| README.txt | diffblobblamehistory | |
| csrf-magic.php | diffblobblamehistory |