I have unconfirmed information from users of my application about strage tersus behavior after session time-out.
It looks like users after time-out still have permision to work in application - and even with more privilegies (can see data of other users). It might be big security problem, but i was not able to reproduce the issue. For testing porpouses i would like to change time-out to realy short time, but I did not find where it is configured.
Can you tell me where can I configure time-out of session?
I use 1.0.12 verstion of tersus with fedora 7, hsqldb 1.8 and tomcat 5.5.12
regards, pawel bahyrycz
For best results, use the Firefox browser..