Joomla 2.5 – setting session time out limit in frontend


Accidentally came across the following potential vulnerability in Joomla: the end of the session in the frontend does not match the backend, and the session did not end for more than two days. This is pretty dangerous if you give out a lot of different permissions to editors and authors.

Fix:

Open the file modules/mod_login/tmpl/default.php and comment out this line at the top:

JHtml::_('behavior.keepalive');

After that the backend and frontend session times will coincide.
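
To check that the change took effect everywhere, the script below (an added example, not part of the original post) lists frontend layouts that still contain an uncommented keepalive call, including template overrides under templates/<template>/html/mod_login/, which Joomla loads in place of the core module layout. The template name mytpl and the sample tree are constructed for the dry run; the comment detection is a line-based heuristic.

```sh
#!/bin/sh
# List frontend PHP layouts that still call JHtml::_('behavior.keepalive').
# Heuristic: a call counts as disabled when it follows //, # or /* on its
# own line, or sits inside a /* ... */ block. administrator/ is skipped.
find_active_keepalive() {
    root=${1%/}
    find "$root" -path "$root/administrator" -prune -o \
        -type f -name '*.php' -exec awk '
        BEGIN { call = "jhtml::_\\([ \t]*[\"\047]behavior\\.keepalive"
                cmt  = "//|#|/\\*" }
        FNR == 1 { inblock = 0 }
        {
            hit = match(tolower($0), call)
            if (hit && !inblock && substr($0, 1, hit - 1) !~ cmt)
                print FILENAME ":" FNR
            if (inblock) { if (index($0, "*/")) inblock = 0 }
            else if (index($0, "/*") && !index($0, "*/")) inblock = 1
        }' {} + | sort
}

# Constructed sample tree (not a real Joomla install) for a dry run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/modules/mod_login/tmpl" "$t/templates/mytpl/html/mod_login" \
             "$t/administrator/modules/mod_login/tmpl"
    # Core module layout with the fix applied.
    printf '%s\n' '<?php' 'defined("_JEXEC") or die;' \
        "// JHtml::_('behavior.keepalive');" > "$t/modules/mod_login/tmpl/default.php"
    # Template override that still loads keepalive.
    printf '%s\n' '<?php' "JHtml::_('behavior.keepalive');" \
        > "$t/templates/mytpl/html/mod_login/default.php"
    # Backend layout: out of scope for this check.
    printf '%s\n' '<?php' "JHtml::_('behavior.keepalive');" \
        > "$t/administrator/modules/mod_login/tmpl/default.php"
    echo "$t"
}

if [ "$#" -gt 0 ]; then
    find_active_keepalive "$1"          # scan the given Joomla root
else
    demo=$(make_sample_tree) && find_active_keepalive "$demo"
    rm -rf "$demo"
fi
```

Run it with the Joomla root as the only argument; empty output means no active call was found. Re-run it after a Joomla update, since an update can restore the core file.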
 
Good luck!
