author | Simon Brandhof <simon.brandhof@gmail.com> | 2012-02-01 14:07:25 +0100 |
committer | Simon Brandhof <simon.brandhof@gmail.com> | 2012-02-01 14:08:21 +0100 |
commit | e8631ce08c4f566cbe73b5b9542392c727027e79 (patch) | |
tree | 35950385b19341ce7a189e8d9eb9f599c31c04aa | |
parent | 377278873a7539c46d482d387c41634a160be603 (diff) | |
SONAR-3230 Stolen user session
4 files changed, 12 insertions, 18 deletions
diff --git a/sonar-server/src/dev/web.xml b/sonar-server/src/dev/web.xml
index cca6dc5d8a9..a613bea2a3c 100644
--- a/sonar-server/src/dev/web.xml
+++ b/sonar-server/src/dev/web.xml
@@ -78,6 +78,11 @@
 <url-pattern>/batch/*</url-pattern>
 </servlet-mapping>
+ <session-config>
+ <!-- in minutes -->
+ <session-timeout>20</session-timeout>
+ </session-config>
+
 <listener>
 <listener-class>org.sonar.server.platform.PlatformLifecycleListener</listener-class>
 </listener>
diff --git a/sonar-server/src/main/webapp/WEB-INF/config/environment.rb b/sonar-server/src/main/webapp/WEB-INF/config/environment.rb
index 5ee8f927a3b..5d3bcbf5bc2 100644
--- a/sonar-server/src/main/webapp/WEB-INF/config/environment.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/config/environment.rb
@@ -38,10 +38,8 @@ Rails::Initializer.run do |config|
 config.i18n.default_locale = :en
- # Use the database for sessions instead of the cookie-based default,
- # which shouldn't be used to store highly confidential information
- # (create the session table with "rake db:sessions:create")
- # config.action_controller.session_store = :active_record_store
+ # Provided by JRuby-Rack
+ config.action_controller.session_store = :java_servlet_store
 # Use SQL instead of Active Record's schema dumper when creating the test database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,
diff --git a/sonar-server/src/main/webapp/WEB-INF/config/initializers/session_store.rb b/sonar-server/src/main/webapp/WEB-INF/config/initializers/session_store.rb
deleted file mode 100644
index ce9f00f19dc..00000000000
--- a/sonar-server/src/main/webapp/WEB-INF/config/initializers/session_store.rb
+++ /dev/null
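Review bot: The new `<session-config>` pins only the idle timeout; now that the session is held by the servlet container rather than by Rails, the session cookie's HttpOnly (and, behind TLS, Secure) attributes are whatever the container defaults to, and nothing in this hunk sets them. If the `<web-app>` element (outside this hunk) declares the Servlet 3.0 schema, they can be fixed declaratively inside `<session-config>` with `<cookie-config><http-only>true</http-only></cookie-config>`; otherwise confirm the container's default before relying on it. The identical block is added to sonar-server/src/main/webapp/WEB-INF/web.xml in the last hunk, so the two copies can drift; a comment such as `<!-- idle timeout in minutes; keep in sync with sonar-server/src/main/webapp/WEB-INF/web.xml -->` in place of `<!-- in minutes -->` (and the mirror-image comment in the other file) would make the coupling visible.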
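Review bot: The added comment `# Provided by JRuby-Rack` does not say where the session parameters that the deleted initializer used to set (the 20-minute expiry and the `_sonar_session` cookie name) now come from; with `:java_servlet_store` they are the container's, i.e. the `<session-timeout>` this commit adds to web.xml and the container's own cookie name (presumably the servlet default rather than `_sonar_session`). Suggest `# Provided by JRuby-Rack: session state lives in the servlet container; the idle timeout and cookie name come from web.xml <session-config>, not from Rails.` The removed initializer carried a literal cookie-store secret that is therefore in repository history; switching the store appears to mean Rails no longer reads cookies signed with it, which looks intended, but anything else still using that value should be treated as exposed. The `Rails::Initializer.run do |config|` block starts and ends outside the hunk.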
@@ -1,14 +0,0 @@
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.session = {
- :key => '_sonar_session',
- :secret => 'bc2d855f87a32c43ce7c302b074b4271c58d024420437d6d85d03b19319e659f0c5bf3486b30480df43cda10bd95ad012956d77d3d35fc38edc639c232aacc11',
- :expire_after => 20.minutes
-}
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rake db:sessions:create")
-# ActionController::Base.session_store = :active_record_store
diff --git a/sonar-server/src/main/webapp/WEB-INF/web.xml b/sonar-server/src/main/webapp/WEB-INF/web.xml
index 23172c43dbe..db10b309cac 100644
--- a/sonar-server/src/main/webapp/WEB-INF/web.xml
+++ b/sonar-server/src/main/webapp/WEB-INF/web.xml
@@ -113,6 +113,11 @@
 <url-pattern>/batch/*</url-pattern>
 </servlet-mapping>
+ <session-config>
+ <!-- in minutes -->
+ <session-timeout>20</session-timeout>
+ </session-config>
+
 <listener>
 <listener-class>org.sonar.server.platform.PlatformLifecycleListener</listener-class>
 </listener>