Diffstat (limited to 'plugins/SessionProvider/src/SessionProvider.sample.json')
-rw-r--r--plugins/SessionProvider/src/SessionProvider.sample.json6
1 files changed, 5 insertions, 1 deletions
diff --git a/plugins/SessionProvider/src/SessionProvider.sample.json b/plugins/SessionProvider/src/SessionProvider.sample.json
index 0675fa1..0a3083a 100644
--- a/plugins/SessionProvider/src/SessionProvider.sample.json
+++ b/plugins/SessionProvider/src/SessionProvider.sample.json
@@ -19,7 +19,11 @@
//time (in seconds) a session is valid for
"valid_for_sec": 3600,
//The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100
+ "max_waiting_connections": 100,
+ //Enforce strict cross-origin session checks
+ "strict_cors": true,
+ ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
+ "strict_tls_protocol": true
},
//If the OAuth provider is enabled, you may enable the optional revocation endpoint
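Review bot: The privacy note on `strict_tls_protocol` is the part an operator most needs, and it does not parse: "this can be leaked through brute-forced if session id is stolen" names neither what is exposed nor how. If the intent is that the TLS protocol version stored with the session can be learned by someone who already holds a stolen session id, a wording such as `//Rejects a session presented over a different TLS protocol version than the one stored with it, to help prevent TLS downgrades (privacy note: a holder of a stolen session id may be able to learn the stored protocol version)` would say so; this is inferred from the comment and should be confirmed against the implementation. The comment also opens with `///` where the surrounding ones use `//`. Neither `strict_cors` nor `strict_tls_protocol` states what happens to a request that fails the check or which value applies when the key is omitted, which matters because a sample file is usually copied as-is. The enclosing object starts above the hunk, so the section these keys belong to is not visible here.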