author | vnugent <public@vaughnnugent.com> | 2024-06-05 14:44:08 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-06-05 14:44:08 -0400 |
commit | 9eed4022a79f2cba139c9f8a359bfc8c1f9c31c5 (patch) | |
tree | 5bd97ad742dddf5ee488afd2fcd314efef9cf642 /ci/config/SessionProvider.json | |
parent | f9e2109c27af5ece546261c018d4b2781860ff1c (diff) |
ci: Stage blocking changes
Diffstat (limited to 'ci/config/SessionProvider.json')
-rw-r--r-- | ci/config/SessionProvider.json | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ci/config/SessionProvider.json b/ci/config/SessionProvider.json
index a578b0d..5573a05 100644
--- a/ci/config/SessionProvider.json
+++ b/ci/config/SessionProvider.json
@@ -10,12 +10,16 @@
 //Cache system key prefix
 "cache_prefix": "websessions",
 //The session cookie name
- "cookie_name": "VNSession",
+ "cookie_name": "cmnext-ses",
 //Size in bytes for generated session ids
 "cookie_size": 40,
 //time (in seconds) a session is valid for
 "valid_for_sec": 3600,
 //The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100
+ "max_waiting_connections": 100,
+ //Enforce strict cross-origin session checks
+ "strict_cors": true,
+ ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
+ "strict_tls_protocol": true
 }
 }
\ No newline at end of file |
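Review bot: The comment added above `strict_tls_protocol` is hard to act on: it opens with `///` where every other comment in the hunk uses `//`, and its privacy note ("can be leaked through brute-forced if session id is stolen") does not say what is leaked or to whom. If the intent is that the negotiated TLS version is stored with the session and compared on later requests, a wording such as `//Rejects a session presented over a different TLS protocol version than the one stored with it (privacy note: whoever holds a stolen session id could infer the stored version)` would state that directly; this reading is inferred from the comment and should be confirmed against the provider's behaviour. Separately, renaming `cookie_name` will likely orphan any sessions issued under `VNSession`, which is worth noting for deployments that reuse this config. The enclosing object starts above the hunk, so the cookie's Secure/HttpOnly/SameSite settings are not visible here and should be checked alongside the two new strict flags.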