Merge pull request #9547 from jakxnz/pulls/4/mention-session-timeout-in-security-docs

Added mention of Session.timeout to secure_coding docs
This commit is contained in:
Robbie Averill 2020-06-12 09:30:26 -07:00 committed by GitHub
commit 213e97f7b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -617,6 +617,7 @@ In addition, you can tighten password security with the following configuration
the user is blocked from further attempts for the timespan defined in `$lock_out_delay_mins`
* `Member.lock_out_delay_mins`: Minutes of enforced lockout after incorrect password attempts. Only applies if `lock_out_after_incorrect_logins` is greater than 0.
* `Security.remember_username`: Set to false to disable autocomplete on login form
* `Session.timeout`: Set timeout to attenuate the risk of active sessions being exploited
## Clickjacking: Prevent iframe Inclusion