Bug #12581

closed

Remove max concurrent session limit to avoid denial of services

Added by François ARMAND over 6 years ago. Updated over 6 years ago.

Status: Released
Priority: N/A
Category: Security
Priority: 0

Description

In #12481 we corrected a bug that was not correctly counting sessions created in Jetty by Rudder. That correction implies that now, the number of concurrent sessions is limited to 2.

This number is OK when people use different users, but in a company where everybody uses "admin", it will quickly become a limiting factor.
So we need to make that parameter configurable, and also make the auto-logout configurable.

=> by default, we will use 2 concurrent sessions with 1h auto-logout.


Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #12481: When logged > 3 times, oldest session is logged out but not immediately (Rejected)
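
A small model of the policy this ticket discusses, added here as an example and not Rudder's code: a per-user cap on concurrent sessions combined with idle auto-logout, using the ticket's defaults (2 sessions, 1 h). The class and function names are hypothetical, and evicting the oldest session when the cap is reached is an assumption based on the title of #12481.

```python
import time
from collections import defaultdict

class SessionRegistry:
    """Hypothetical model: per-user session cap plus idle auto-logout."""
    def __init__(self, max_sessions=2, idle_timeout_s=3600, clock=time.monotonic):
        # Defaults mirror the ticket: 2 concurrent sessions, 1 h auto-logout.
        if max_sessions < 1:
            raise ValueError("max_sessions must be >= 1")
        self.max_sessions = max_sessions
        self.idle_timeout_s = idle_timeout_s
        self.clock = clock
        self._sessions = defaultdict(dict)  # user -> {session_id: last_seen}
        self._next_id = 0

    def _expire_idle(self, user):
        # Auto-logout: drop sessions idle for idle_timeout_s or longer.
        now = self.clock()
        self._sessions[user] = {s: t for s, t in self._sessions[user].items()
                                if now - t < self.idle_timeout_s}

    def login(self, user):
        """Open a session; return (session_id, evicted_session_ids)."""
        self._expire_idle(user)
        live, evicted = self._sessions[user], []
        while len(live) >= self.max_sessions:
            oldest = min(live, key=live.get)  # least recently active
            evicted.append(oldest)
            del live[oldest]
        self._next_id += 1
        sid = f"s{self._next_id}"
        live[sid] = self.clock()
        return sid, evicted

    def touch(self, user, sid):
        # Record activity; False means the session was evicted or timed out.
        self._expire_idle(user)
        if sid not in self._sessions[user]:
            return False
        self._sessions[user][sid] = self.clock()
        return True

def shared_admin_demo(max_sessions):
    # Constructed scenario: three operators log in as "admin", 60 s apart.
    now = [0.0]
    reg = SessionRegistry(max_sessions=max_sessions, clock=lambda: now[0])
    evicted = []
    for _ in range(3):
        evicted += reg.login("admin")[1]
        now[0] += 60
    return sorted(reg._sessions["admin"]), evicted
```

With the default cap of 2, the third login on the shared account pushes out the first operator's session; raising the cap keeps all three, at the cost of allowing more live sessions per account.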
