MM5.10 Persistent login

By default, Media Manager will remember a user that has logged in and automatically re-authenticate her on the next visit of the application.

This presents a security impact in the unlikely event of a XSS attack on the application.

Should a client choose to disable persistent login, this can be done by navigating to the Settings → Portal Config Manager → Configuration and unchecking the option "Enable persistent login".

Disabling persistent login will result in the user having to authenticate every time they access the application and after every page refresh.