]> git.koha-community.org Git - koha.git/commit
Bug 17110: Lower CSRF expiry in Koha::Token
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 11 Aug 2016 13:25:44 +0000 (15:25 +0200)
committerMason James <mtj@kohaaloha.com>
Tue, 2 May 2017 23:55:40 +0000 (11:55 +1200)
commit7cac8af04a988a00adc92e8db0b306f0afa94e3f
treea98417361b24d81080058dcc1dd0816e44b44da9
parentb4e98fb723f163efef512ba2f905fa4d565480c9
Bug 17110: Lower CSRF expiry in Koha::Token

Default expiry in WWW:CSRF is one week.
This patch sets it to 8 hours by default in Koha, and allows to
change the expiry period individually by passing MaxAge.

Test plan:
[1] Put items in your cart.
[2] Apply the example patch too.
[3] Send the cart from opac within the allotted 10 seconds.
[4] Send again, but wait some 10 seconds before submitting. Too late!

Tested 3 patches together, works as expected.
Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Koha/Token.pm