From dc414b50c19bea912babb00cf8f1e090dbbcc3b7 Mon Sep 17 00:00:00 2001
From: "Jason M. Bills" <jason.m.bills@linux.intel.com>
Date: Thu, 5 Aug 2021 15:20:25 -0700
Subject: Reduce session timeout to 30 minutes

This reduces our web session timeout to 30 minutes per
NIST guidelines:

"Reauthentication of the subscriber SHALL be repeated following
any period of inactivity lasting 30 minutes or longer."

https://pages.nist.gov/800-63-3/sp800-63b.html

Change-Id: Icb600b5bc026107f582bc93be355bc5e2b46677d
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
---
 include/sessions.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/sessions.hpp')

diff --git a/include/sessions.hpp b/include/sessions.hpp
index a448b24c0f..b0d6ca7f39 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -412,7 +412,7 @@ class SessionStore
     AuthConfigMethods authMethodsConfig;
 
   private:
-    SessionStore() : timeoutInSeconds(3600)
+    SessionStore() : timeoutInSeconds(1800)
     {}
 };
 
-- 
cgit v1.2.3