mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #8079 from open-sausages/pulls/4/docs-login
Personal data usage docs corrections
This commit is contained in:
commit
7b6f4c0a53
@ -44,13 +44,18 @@ SilverStripe will default to using PHP sessions for tracking logged-in users,
|
||||
which uniquely link users to their device/browser through a session cookie.
|
||||
If the user chooses the "Remember me" feature on login,
|
||||
this unique link will persist across sessions.
|
||||
The default cookie lifetime for this feature is 48h.
|
||||
See `SilverStripe\Security\Member::$auto_login_token_lifetime` for details.
|
||||
|
||||
## Login Attempts
|
||||
|
||||
SilverStripe can be configured to record login attempts, in order to lock out users
|
||||
SilverStripe is configured by default to record login attempts, in order to lock out users
|
||||
after a defined number of attempts, and hence limit the attack surface of the login process.
|
||||
This is predicated on tracking the IP address of the attempt, which can be considered personal data.
|
||||
See `SilverStripe\Security\Security::$login_recording` for details.
|
||||
IP addresses related to these attempts are stored indefinitely unless manually purged
|
||||
from the `LoginAttempt` table.
|
||||
See `SilverStripe\Security\Security::$login_recording` and
|
||||
`SilverStripe\Security\Security::$lock_out_after_incorrect_logins` for details.
|
||||
|
||||
## Logging and Exceptions
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user