Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

how do I make shorter login time / XSS-Attacks

0 votes
759 views
in Q2A Core by
I see the session cookie is only valid untill the Session end. But if i close my Browser and restart I still loged in (???) why? How can I make shorter Login Times Background XSS-Attacks won't hurt so much if the user is not always logged in
Show 2 previous comments
by
You didn't need to explain XSS to me (I just wanted to make sure you knew what you were asking).

I suggest you *try* an XSS attack on your own Q2A site, then you'll see that it has XSS protection. Changing login times won't affect anything.
by
yeah I guess I was little bit wrong I mean CSFR not simple XSS wich can indeed avoided with proper output filtering.
by
Hmm, well I assume Q2A has CSRF protection as well but I don't know for sure. Maybe try that on your own site and see.
by
FYI, Q2A doesn't currently have CSRF protection. There are no GET requests with side-effects in Q2A, so only POST attacks would be an issue - these are somewhat harder to pull off, but still a possibility.

With CSRF, it's only possible to attack a specific Q2A site, not all Q2A sites in general. So it shouldn't be a major concern unless your site has a very high profile within some specific community, many of whose members also hang out a lot at some other specific site, and where that other site owner is a nasty piece of work.

Still, this should be addressed in a future version.

Please log in or register to answer this question.

Snow Theme by Q2A Market
Powered by Question2Answer
...