17 Dec
2010
17 Dec
'10
3 p.m.
On 2010.12.17. 12:38, Marco Davids (SIDN) wrote:
Hi,
So how does security on the Atlas portal work?
Reason for asking is that I changed the password from home yesterday, but when i logged in from work this morning, i was not asked for the new password.
"logged in" or "kept on using the existing session"? I could see the later one but the former one would be a surprise.
Maybe some kind of sessionid cookie with a long expiry time?
That'd be my answer; see above.
Is that safe enough?
I guess it's a tradeoff between usability and security, as always. I don't know from the top of my head how long current sessions live, but I'm sure we could decrease the value until it becomes an annoyance :-) Cheers, Robert
Regards,