  1. Moodle
  2. MDL-69778

Allow the sesskey to regenerate or rotate over the course of a long session


    Details

    • Affected Branches:
      MOODLE_310_STABLE

      Description

      Now that you can have long-lived sessions (see MDL-65812), there is an increased risk that a sesskey might be compromised. A nice mitigation is that the sesskey could rotate every N minutes (probably ~1 hour) and that confirm_sesskey() might honor the previous X keys (probably ~2-3).
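
      A sketch of the rotation scheme proposed above, added here as an example; it is not Moodle code and not part of the issue. The function names, the session array layout and the age cap on retired keys are assumptions for illustration; N and X take the values the description suggests.

```php
<?php
// Added illustration; not Moodle code. All names and the storage layout are hypothetical.
declare(strict_types=1);

const ROTATE_AFTER  = 3600; // N: seconds before a new key is issued (~1 hour)
const KEEP_PREVIOUS = 2;    // X: retired keys that are still honoured
// Assumption beyond the proposal: a retired key also expires by age, so an idle
// session cannot keep honouring a very old key just because no rotation ran.
const MAX_AGE = ROTATE_AFTER * (1 + KEEP_PREVIOUS);

/** Return the current key, rotating first if it is older than ROTATE_AFTER. */
function rotating_sesskey(array &$session, int $now): string {
    // Newest first: [['key' => ..., 'issued' => ...], ...]; drop entries past MAX_AGE.
    $keys = array_values(array_filter(
        $session['sesskeys'] ?? [],
        fn(array $e): bool => $now - $e['issued'] < MAX_AGE
    ));
    if (!$keys || $now - $keys[0]['issued'] >= ROTATE_AFTER) {
        array_unshift($keys, ['key' => bin2hex(random_bytes(16)), 'issued' => $now]);
        // Keep the current key plus at most KEEP_PREVIOUS retired ones.
        $keys = array_slice($keys, 0, 1 + KEEP_PREVIOUS);
    }
    $session['sesskeys'] = $keys;
    return $keys[0]['key'];
}

/** Accept the current key or any retained previous key. */
function confirm_rotating_sesskey(array &$session, string $submitted, int $now): bool {
    rotating_sesskey($session, $now); // rotate and expire before comparing
    $ok = false;
    foreach ($session['sesskeys'] as $entry) {
        // Constant-time compare; every entry is checked, with no early exit.
        $ok = hash_equals($entry['key'], $submitted) || $ok;
    }
    return $ok;
}

// Constructed demo: a form rendered at t=0 and submitted later in the same session.
$session  = [];                       // stand-in for per-user session storage
$form_key = rotating_sesskey($session, 0);
rotating_sesskey($session, 3600);     // first rotation
rotating_sesskey($session, 7200);     // second rotation
var_dump(confirm_rotating_sesskey($session, $form_key, 7300));  // key is 2 rotations old
rotating_sesskey($session, 10800);    // third rotation pushes $form_key out of the window
var_dump(confirm_rotating_sesskey($session, $form_key, 10900));
```

      Rotation here only runs when a request arrives, so the window a leaked key stays valid is bounded by MAX_AGE rather than by the rotation count alone.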


              People

              Assignee:
              Unassigned
              Reporter:
              Brendan Heywood (brendanheywood)
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan