Learn More
Resend Email
22
Worst bug you never fixed?
Week 160 Group Rant
LlamaMan
5y

Our system never had sessions that expired. A recent hack at the client caused us to revisit the security measures we had in place.

The person who was on the project since it's start 8 years ago was tasked with fixing this issue. It has a simple solution: add session expiration, and extend the session to an hour from now with each request.

This week I found out how he did it🤦🏻‍♂️. He added session expirations, but extended the session by an hour with each request. By making 10 requests in quick succession, your session is extended by 10 hours.

rant

wk160
Favorite
Ranter
Comments
  • 5
    5y
    Haha. Looks like a honest careless mistake
  • 1
    5y
    Our E-Learning is expiring after 1 hour and it's really annoying having to login multiple times a day. If it's not banking I'd raise it to 8 hours or more
  • 1
    5y
    @StopMotionCuber write a script to extend your login session every 55min?
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment