After user1 logs in, we delete user1 in another page as admin. But user1 is still able to do anything. Such a bug belongs to CWE-613: Insufficient Session Expiration. We should expire the session or token of users when they are deleted.
The login sessions expire after 30 minutes of inactivity (keep in mind the word inactivity: if the user still performs actions, the session will not be killed until 30 minutes of inactivity).
When a user is logged in, everything is kept on the OpenKM side; the security groups etc. at the moment the user logs in are kept in memory and alive until the session expires (30 minutes of inactivity), the user logs out, or the OpenKM service restarts.
From administration -> users, you have the option to see alive sessions (logged-in users).
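A minimal model of the behaviour discussed in this thread, as an added example that is not OpenKM code and not part of either comment: an in-memory session store with the 30-minute sliding inactivity timeout, plus a per-user revocation hook that an account-deletion path would call. The class, method and function names are hypothetical, and the clock is passed in as a parameter so the constructed timeline is deterministic.

```python
import secrets

IDLE_TIMEOUT = 30 * 60  # seconds; the 30-minute inactivity window from the thread


class SessionRegistry:
    """In-memory session store: sliding idle timeout plus per-user revocation."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # token -> (user, last_seen)
        self._by_user = {}   # user -> set of tokens, so revocation is one lookup

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now)
        self._by_user.setdefault(user, set()).add(token)
        return token

    def _drop(self, token):
        user, _ = self._sessions.pop(token)
        tokens = self._by_user.get(user, set())
        tokens.discard(token)
        if not tokens:
            self._by_user.pop(user, None)

    def authenticate(self, token, now):
        """Return the user for a live session and refresh its timer, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen >= self.idle_timeout:
            self._drop(token)
            return None
        self._sessions[token] = (user, now)  # activity resets the idle window
        return user

    def revoke_user(self, user):
        """Account-deletion hook: end every session the user holds right away."""
        tokens = list(self._by_user.get(user, ()))
        for token in tokens:
            self._drop(token)
        return len(tokens)


def demo():
    reg = SessionRegistry()
    token = reg.login("user1", now=0)
    # Constructed timeline: a request every 20 minutes never trips the idle timeout.
    alive = [reg.authenticate(token, now=m * 60) for m in (20, 40, 60)]
    revoked = reg.revoke_user("user1")  # admin deletes user1 at minute 61
    return alive, revoked, reg.authenticate(token, now=61 * 60)
```

Without the `revoke_user` call, the same timeline keeps the deleted account authenticated for as long as it stays active, because only inactivity ends the session.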