Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.5.3
-
None
Description
When Crowd issues a SQL query to expire old tokens (older than a certain reference timestamp), it is truncating the timestamp to a date, i.e., it ignores hours, minutes, seconds.
This is the query as seen in the PostgreSQL logs:
delete from cwd_token where last_accessed_date<$1
with parameter $1='2013-01-08 00:00:00'
Consequently, tokens that should be expired are not being expired if the default session duration is in the range of hours or less.