LPS-45084 - Autoextend session for guests, only show notification for logged in users #19762

Closed
wants to merge 11 commits into from

Conversation

JorgeFerrer

We may want to run this through @shuyangzou just in case it may have an impact on performance when a guest user leaves a page open in a browser for a long period of time.

@brianchandotcom
Owner

@shuyangzhou Please see this pull. I think it should be fine.

@brianchandotcom
Owner

Merged. Thank you.
View total diff: d290b07...10a4cb2

@shuyangzhou

So that now a guest session never times out?

@JorgeFerrer
Author

@shuyangzhou yes, that's why I thought you should look into it.

@shuyangzhou

This may actually cause a problem, but it is more of a security problem than a performance problem.
Basically, it will make a DDoS attack easier, as it used to require all sessions to be active to hold them in memory. Now, as long as they are guest sessions and not logged out, they will stay in memory; the attackers do not need to keep them active. It will allow the attacker to use few resources to organize a heavy attack.

I think we should run this through the security team.

@NorbertKocsis

Could you please confirm whether this will be the final resolution or not? We would like to know if we can backport and deliver the fix for customers or if we should wait.

Thanks in advance!
