You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected version(s)
4.4.x, all (and probably all later versions including 4.7.)
Description
If an user enters a very long session lifetime in backend, he will furthermore not be able to log in again. How to reproduce
Go to backend -> settings and enter a unusually large value für session expiration, for example 360000000000 seconds. Log out. Try to log in again.
IMO, this setting should only be able to accept reasonable values. Any session longer than a week (or a month, or a year) should not to be accepted if the value becomes too large.
The text was updated successfully, but these errors were encountered:
Should only affect 4.4.x, as the setting is no more present in 4.7. As I understand, right now in 4.7 it is no more existent in the BE, but so far not implemented in CM.
Do we already check these type of files (config) in any way, if they are manualy changed? Because checking the setting in the BE seems not enough for 4.7.x (because it doesn't have this setting).
Affected version(s)
4.4.x, all (and probably all later versions including 4.7.)
Description
If an user enters a very long session lifetime in backend, he will furthermore not be able to log in again.
How to reproduce
Go to backend -> settings and enter a unusually large value für session expiration, for example 360000000000 seconds. Log out. Try to log in again.
IMO, this setting should only be able to accept reasonable values. Any session longer than a week (or a month, or a year) should not to be accepted if the value becomes too large.
The text was updated successfully, but these errors were encountered: