]> git.koha-community.org Git - koha.git/commit
Bug 17110: Lower CSRF expiry in Koha::Token
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 11 Aug 2016 13:25:44 +0000 (15:25 +0200)
committerKyle M Hall <kyle@bywatersolutions.com>
Fri, 9 Sep 2016 13:40:41 +0000 (13:40 +0000)
commit6107e91f142f1498e718365fd8be09a18168e700
tree244e2c1bdc4d6082473f37abaa556160985c9b22
parent130733a0130d4cf2e522956165ee1d2c0557cceb
Bug 17110: Lower CSRF expiry in Koha::Token

Default expiry in WWW:CSRF is one week.
This patch sets it to 8 hours by default in Koha, and allows to
change the expiry period individually by passing MaxAge.

Test plan:
[1] Put items in your cart.
[2] Apply the example patch too.
[3] Send the cart from opac within the allotted 10 seconds.
[4] Send again, but wait some 10 seconds before submitting. Too late!

Tested 3 patches together, works as expected.
Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Koha/Token.pm