Why is it wise, from a security POV to have sessions expire?

It is a common practice to have sessions expire for users when they are logged in for a long period, especially if they are inactive. I’ve seen this particularly employed in systems where sensitive information is available.

But what practical use does this form, other than the unlikely scenario that a user’s computer becomes taken over (voluntarily or involuntarily) by another person? Having sessions expire is a mild annoyance for people having to log back into platforms. Is it merited?

Apache HTTP digest authentication does not expire with AuthDigestNonceLifetime directive

Any idea why this configuration in /etc/apache2/sites-available/000-default.conf does not expire after 15 seconds?

<Directory /var/www/html/somedirectory/>         AuthName 'test'          AuthType Digest         AuthDigestDomain /         AuthDigestProvider file         AuthUserFile /var/login/anotherdirectory/.htdigest         AuthDigestNonceLifetime 15          Require valid-user </Directory> 

Note that I put this configuration block outside of a virtualhost so it will apply for both HTTP and HTTPS ports. I am testing on an IP address and not a domain name. I don’t really see the point of AuthDigestDomain but I think setting it to / is fine, I saw it in some examples.

I am using Debian 9.9 with Apache 2.4.25-3+deb9u7.


My AppleCare is about to expire with my battery at 81%. Is there a good way to get it to 79% so I can get a new battery?

AppleCare covers the replacement of a MacBook Pro battery if it drops below 80% capacity before 1000 cycles. I have until the end of the year and I’m at 81% and 300 cycles. It would be nice to get a new battery in exchange for the $ 379(?!!!) I spent for AppleCare. I’ll get an extra year of warranty since I purchased it on my American Express, but I would like to get something out of what I paid for AppleCare+ rather than pay $ 200 for a new battery and harass my credit card company into reimbursing me.

Any thoughts on what to do? Will Apple give me a new battery if I tell them I’m 1% away?

As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?

As a dual citizen, my US passport will expire one day after traveling to the US (May 4th). Can I enter with my US passport, and leave with my valid EU passport? I’m flying with Icelandair.

Also, in this case I shouldn’t try to get an ESTA fo my EU passport, right?

PS. When trying to use an emergency procedure to renew my US passport, I am not getting any replies from the US consulate.

Why do lightning invoices expire?

I’m considering the development of a lightning app, and I’m trying to make it non custodial.

I was thinking on pre-generating invoices for all users every x time to make things simpler. To do that I’d need to extend the expiry date.

I tried to look up why do lightning invoices expire, and I couldn’t find a clear answer.

Why do lightning invoices have an expiry date?

Is it to ensure that they are not kept forever in the receivers DB? or is there another reason?

Do Google app passwords expire?

I manage a shared email account (in Gmail) for a small organization. I have 2-factor authentication turned on and had generated an app password for an external app that accesses the inbox via IMAP.

In case you don’t know, app passwords are a feature of Gmail that are only available when MFA is active, and allow static credentials to access your account without the need for going through the usual two-factor process.

Recently, one of the users of this account who is, shall we say, a little less-than-tech-savvy, ended up resetting the account’s real password. She said she did this in reaction to supposed problems she was having. I’m still not sure the password was really necessary.

Now I’ve got the account password updated again and have things under control; however I noticed when I wen in to do damage control that the app password I had previously created was no more. I was under the impression that app passwords don’t just disappear; in fact you have to dive in pretty deep even to find them in the first place.

I’m wondering what may have deleted my app password? Do they expire? Does Gmail clear them all during a password reset? Any light you can shed will help me better understand this, and with my post-mortem evaluation.

What does it mean if expire is set to null a cache table?

I am looking at the documentation for the expire field in the cache tables and the documentation in CacheBackendInterface.php says:

  * @param int $  expire    *   One of the following values:    *   - CacheBackendInterface::CACHE_PERMANENT: Indicates that the item should    *     not be removed unless it is deleted explicitly.    *   - A Unix timestamp: Indicates that the item will be considered invalid    *     after this time, i.e. it will not be returned by get() unless    *     $  allow_invalid has been set to TRUE. When the item has expired, it may    *     be permanently deleted by the garbage collector at any time.    * @param array $  tags  

But when I look in a cache table, for example, cache_render I see many of the entires have NULL in the expire column and I noticed it only get clear on a complete cache clear drush cr