EditWYSIWYGAttachPrintable
r3 - 2006-03-02 - 14:50:10 - SteveKosteckeYou are here: NTP >  TWiki Web > SessionPlugin
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
This Plugin allows session information to be retained whilst a browser is running. It does this by storing a small session cookie in the browser. This contains an identification string that TWiki users to extract session information on the server.

Notes:

  • The cookie is not persistant
  • The session information is stored in files under data/.sessions/
  • Old session files should be deleted by a cron job
  • Identification string using for session is:
    • time (second resolution) + random number
  • If url parameter stickskin is present, its value sets the session value for SKIN i.e. you then stick on this skin. Get back to defalt skin with stickskin=.

  • Set SHORTDESCRIPTION = Holds session information on server, session identified from sessionId stored in non-persistant cookie
  • Set DEBUG = 0
Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r26 | r24 < r23 < r22 < r21 | More topic actions...
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.SessionPlugin