22

Our system never had sessions that expired. A recent hack at the client caused us to revisit the security measures we had in place.

The person who was on the project since it's start 8 years ago was tasked with fixing this issue. It has a simple solution: add session expiration, and extend the session to an hour from now with each request.

This week I found out how he did it🤦🏻‍♂️. He added session expirations, but extended the session by an hour with each request. By making 10 requests in quick succession, your session is extended by 10 hours.

Comments
  • 4
    Haha. Looks like a honest careless mistake
  • 1
    Our E-Learning is expiring after 1 hour and it's really annoying having to login multiple times a day. If it's not banking I'd raise it to 8 hours or more
  • 0
    @StopMotionCuber write a script to extend your login session every 55min?
Add Comment