Cookies validity date value is too long, it is a security issue. How can it be reduced?

Question

How can I change the cookie validity date for the Odoo session?   It is a security risk.   We have to reduce it.   Thanks

Ravi Gadhia · Answer

by default odoo. set 90 days validity for session_id and it's incremental if you ever access odoo within 90 days it will extend its validity from access day/date
you can change validity from here
https://github.com/odoo/odoo/blob/13.0/odoo/http.py#L1400 => 90 days = 90 * 24 * 60 * 60 seconds
It's not a security risk as far as your physical device secure and no one can steal your session_id from your browser
Note: odoo don't track all the login devices so in case of a stolen physical device you c

MTNET SERVICES · Answer

Hi Ravi,   Thanks for your answer.
We are using the MS Active Directory (AD) password verification and our security concern is because we do not see Odoo to be querying AD every time a user logs in.
How often is the password verified against AD?
What happens if a session is open in Odoo for many days (because the session is still valid in the cookies) and the user is blocked or deleted from AD?

Powiązane posty	Odpowiedzi	Widoki
Odoo(OpenERP) Cookie Session ID Issues ? session cookie hack session_id	0 mar 15	6952
Question: How to Set Session Timeout or Automatically Terminate Session When Browser Is Closed in Odoo? javascript configuration chrome session session_id	2 sie 25	1641
How can I set the cookie in login page in odoo12? cookie cookies	1 sie 19	5586
how to add session value using python session session_id	0 lis 15	5896
How can I get explicit/cookie session id while login from android application ? session session_id v15	0 gru 21	3141

To pytanie dostało ostrzeżenie

Podoba Ci się ta dyskusja? Dołącz do niej!