Opened 6 years ago

Closed 6 years ago

#11763 closed (invalid)

Admin Interface - Login - Security Concern

Reported by: AmirHabibi Owned by: nobody
Component: contrib.auth Version: 1.1
Severity: Keywords: Login Security
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Users logging into the admin interface and closing the browser without pressing the logout link would cause Django to automatically log them in the next time that the browser points to the admin URL. This is a serious security issue if a user account is accessed by using a public computer, or for users of an enterprise application where a user may use different computers to log in to the account.

Change History (2)

comment:1 Changed 6 years ago by JohnDoe

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

You can just set SESSION_EXPIRE_AT_BROWSER_CLOSE to true or change some other session-related settings? What you want here is to have an additional session system for the admin interface.

comment:2 Changed 6 years ago by ubernostrum

  • Resolution set to invalid
  • Status changed from new to closed

Not a bug.
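
Added example, not part of the ticket or of Django's own code: a sketch of admin-only session handling along the lines comment:1 describes, combining a browser-length cookie with a server-side idle timeout, since browsers that restore sessions on restart can keep a cookie that SESSION_EXPIRE_AT_BROWSER_CLOSE expects them to drop. The class name, the session key, the `/admin/` prefix and the 15-minute limit are assumptions, and the new-style middleware form requires a Django release newer than the 1.1 this ticket was filed against.

```python
import time

ADMIN_PREFIX = "/admin/"            # assumption: where the admin site is mounted
ADMIN_IDLE_SECONDS = 15 * 60        # assumption: idle limit chosen for illustration
LAST_SEEN_KEY = "admin_last_seen"   # hypothetical session key


class AdminIdleTimeoutMiddleware:
    """Hypothetical middleware (not shipped with Django).

    List it in MIDDLEWARE after SessionMiddleware and before
    AuthenticationMiddleware so request.session exists and request.user
    is resolved only after an expired session has been flushed.
    """

    def __init__(self, get_response, clock=time.time):
        self.get_response = get_response
        self.clock = clock  # injectable so the timeout can be tested

    def __call__(self, request):
        # Only admin requests get the stricter policy; the rest of the
        # site keeps whatever the global SESSION_* settings say.
        if request.path.startswith(ADMIN_PREFIX):
            session = request.session
            now = self.clock()
            last_seen = session.get(LAST_SEEN_KEY)
            if last_seen is not None and now - last_seen > ADMIN_IDLE_SECONDS:
                # Server-side expiry: flush() deletes the session data,
                # so a cookie left behind on a shared machine is useless.
                session.flush()
            # set_expiry(0) makes this session's cookie browser-length,
            # the per-session form of SESSION_EXPIRE_AT_BROWSER_CLOSE.
            session.set_expiry(0)
            session[LAST_SEEN_KEY] = now
        return self.get_response(request)
```

The idle clock only advances on admin requests, so activity elsewhere on the site does not keep an admin session alive.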
