discourse

Commit Graph

Author	SHA1	Message	Date
Sam	6ff309aa80	SECURITY: don't grant same privileges to user_api and api access User API is no longer gets bypasses that standard API gets. Only bypasses are CSRF and XHR requirements.	2016-12-16 12:05:43 +11:00
Sam	df535c6346	FEATURE: refresh session cookie at most once an hour This feature ensures session cookie lifespan is extended when user is online. Also decreases session timeout from 90 to 60 days. Ensures all users (including logged on ones) get expiring sessions.	2016-07-25 12:07:31 +10:00
Sam	7993845bfa	add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278	2013-10-09 15:11:54 +11:00

Author

SHA1

Message

Date

Sam

6ff309aa80

SECURITY: don't grant same privileges to user_api and api access

User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.

2016-12-16 12:05:43 +11:00

Sam

df535c6346

FEATURE: refresh session cookie at most once an hour

This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.

2016-07-25 12:07:31 +10:00

Sam

7993845bfa

add current_user_provider so people can override current_user bevior cleanly, see

http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278

2013-10-09 15:11:54 +11:00

3 Commits