Security Basics mailing list archives
Session Hijacking
From: Frank Oz <jedi31337 () gmail com>
Date: Thu, 19 Jan 2006 21:00:55 -0500
Just a quick question as I'm preparing a Web Portal document and wanted to include some security pieces. This customer wants to have a 2-6 hour or even umlimited timeout set for their user when they disconnect, because they don't want to re-login every time. If a user closes his browser and the session stays active, what else can a hacker achieve during this time ? Thanks for the help in advance !
Current thread:
- Session Hijacking Frank Oz (Jan 22)
- <Possible follow-ups>
- RE: Session Hijacking Chaminda Rajamanthri (Jan 23)