repositories
/
ssproject1617.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
2ef9a68
)
work on v3
author
W
<kuhnen@science.ru.nl>
Mon, 24 Oct 2016 11:35:29 +0000
(13:35 +0200)
committer
W
<kuhnen@science.ru.nl>
Mon, 24 Oct 2016 11:35:29 +0000
(13:35 +0200)
report/v3_session.tex
patch
|
blob
|
history
diff --git
a/report/v3_session.tex
b/report/v3_session.tex
index
9e066cc
..
5b1f207
100644
(file)
--- a/
report/v3_session.tex
+++ b/
report/v3_session.tex
@@
-1,17
+1,31
@@
\begin{enumerate}[label={3.\arabic*}]
\item
\begin{enumerate}[label={3.\arabic*}]
\item
- \
TODO{}
+ \
pass
Verify that there is no custom session manager, or that the custom session
manager is resistant against all common session management attacks.
Verify that there is no custom session manager, or that the custom session
manager is resistant against all common session management attacks.
+ \begin{result}
+ The application uses the standard \PHP functionality;
+ \code{session_start()} to manage sessions.
+ \end{result}
+
\item
\item
- \
TODO{}
+ \
pass
Verify that sessions are invalidated when the user logs out.
Verify that sessions are invalidated when the user logs out.
+ \begin{result}
+ When a user logs out the application calls \code{forget()}, which destroys
+ the session.
+ \end{result}
+
\item
\item
- \
TODO{}
+ \
fail
Verify that sessions timeout after a specified period of inactivity.
Verify that sessions timeout after a specified period of inactivity.
+ \begin{result}
+ There is no functionality which tracks how long a user has been inactive.
+ \end{result}
+
\notapplicable{
\item
\notapplicable{
\item