\begin{enumerate}[label={3.\arabic*}]
\item
- \TODO{}
+ \pass
Verify that there is no custom session manager, or that the custom session
manager is resistant against all common session management attacks.
+ \begin{result}
+ The application uses the standard \PHP functionality;
+ \code{session_start()} to manage sessions.
+ \end{result}
+
\item
- \TODO{}
+ \pass
Verify that sessions are invalidated when the user logs out.
+ \begin{result}
+ When a user logs out the application calls \code{forget()}, which destroys
+ the session.
+ \end{result}
+
\item
- \TODO{}
+ \fail
Verify that sessions timeout after a specified period of inactivity.
+ \begin{result}
+ There is no functionality which tracks how long a user has been inactive.
+ \end{result}
+
\notapplicable{
\item
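Review bot: In the 3.2 result, the \pass rests on the statement that \code{forget()} "destroys the session", but the text does not say what is actually invalidated. State what \code{forget()} does on the server side (for example, whether the stored session data is destroyed and the session cookie is cleared) so a reader can check the verdict against the requirement. In the 3.1 result, the semicolon after "standard \PHP functionality" should be a comma or dropped, and the underscore in \code{session_start()} will need escaping unless the \code macro already handles it. The 3.3 \fail result is clear as written.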