  1. Red Hat 3scale API Management
  2. THREESCALE-6647

Customize Session Inactivity and Maximum Timeout for developer portal

Details

    • Feature Request
    • Resolution: Duplicate
    • Major
    • None
    • SaaS, 2.9.1 GA
    • System

    Description

      A developer signed in to the 3scale developer portal and kept the tab inactive for over one day; the next day, they could still edit their account info without reauthentication.
      These session aspects should be customizable for developer portal:
      1. Session Inactivity Timeout value, i.e. 15 minutes as most net banks do
      2. Session Maximum Timeout value, i.e. 2 hours

      These overly long Inactivity Timeout and Max Session Timeout values provide a threat actor more opportunities for session hijacking.

            People

              Unassigned
              rhn-support-cpalmier Carlo Palmieri (Inactive)
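
The two timeouts requested in the description, as an added example that is not part of the original issue and is not 3scale code: a server-side check that enforces an inactivity timeout and a maximum session lifetime independently. The names SessionPolicy, Session and replay, and the constructed request timelines, are assumptions made for illustration; the defaults are the 15 minutes and 2 hours from the description.

```ruby
# Added example (hypothetical names, not 3scale's implementation).
# A session carries two timestamps: when it was created and when it was last used.
Session = Struct.new(:created_at, :last_seen_at, keyword_init: true)

class SessionPolicy
  # Defaults taken from the issue description: 15 min idle, 2 h maximum.
  def initialize(idle_timeout: 15 * 60, max_lifetime: 2 * 60 * 60)
    unless idle_timeout.positive? && max_lifetime.positive?
      raise ArgumentError, 'timeouts must be positive'
    end
    raise ArgumentError, 'idle timeout exceeds max lifetime' if idle_timeout > max_lifetime
    @idle_timeout = idle_timeout
    @max_lifetime = max_lifetime
  end

  # Verdict for a request arriving at `now`, without modifying the session.
  def check(session, now)
    # Timestamps from the future mean a corrupted or tampered session record.
    return :invalid if session.created_at > now || session.last_seen_at > now
    # Absolute limit: measured from login, never extended by activity.
    return :max_expired if now - session.created_at >= @max_lifetime
    # Idle limit: measured from the last accepted request.
    return :idle_expired if now - session.last_seen_at >= @idle_timeout
    :ok
  end

  # Validate, and slide the idle window forward only when the session is
  # still valid, so a request on an expired session cannot revive it.
  def touch(session, now)
    verdict = check(session, now)
    session.last_seen_at = now if verdict == :ok
    verdict
  end
end

# Replay a constructed timeline: offsets are seconds after login.
def replay(policy, login_at, request_offsets)
  session = Session.new(created_at: login_at, last_seen_at: login_at)
  request_offsets.map { |offset| policy.touch(session, login_at + offset) }
end
```

The comparison has to run on the server against timestamps stored with the session; a cookie expiry alone leaves the decision with the client.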