Session Expiration
Posted: Mon Jul 18, 2011 10:51 am
I sent this question in to 'support@inforouter.com' but also wanted to post in here for everyone's benefit.
Would you be able to tell us when (if at all) InfoRouter sessions expire?
We have noticed that moving session data (via cookies) between machines allows us to login as other users. Obviously this is why users in Firefox are instructed to clear their sessions/cookies to logout properly. Unfortunately if I capture a cookie prior to doing this I can then import this cookie and be logged in as that user. We were also able to replicate the same sort of behavior with IE using the debugging tool 'Fiddler2'. Needless to say this represents a bit of a security concern.
Is there a length of time for which sessions are valid on the server side? Any info on this topic would be greatly appreciated.
Would you be able to tell us when (if at all) InfoRouter sessions expire?
We have noticed that moving session data (via cookies) between machines allows us to login as other users. Obviously this is why users in Firefox are instructed to clear their sessions/cookies to logout properly. Unfortunately if I capture a cookie prior to doing this I can then import this cookie and be logged in as that user. We were also able to replicate the same sort of behavior with IE using the debugging tool 'Fiddler2'. Needless to say this represents a bit of a security concern.
Is there a length of time for which sessions are valid on the server side? Any info on this topic would be greatly appreciated.