Bug: Session doesn't invalidate when password is changed

Open • wdhdev opened this issue 1 year ago • 2 comments

What happened?

When you change your Zipline account password, existing sessions do not get invalidated, and they stay signed in. This can be a security risk if your account got hacked.

Version

latest (ghcr.io/diced/zipline or ghcr.io/diced/zipline:latest)

What browser(s) are you seeing the problem on?

Firefox, Chromium-based (Chrome, Edge, Brave, Opera, mobile chrome/chromium based, etc)

Zipline Logs

No response

Browser Logs

No response

Additional Info

No response

wdhdev, Apr 28 '24 00:04

hm, this seems like a big issue.. I think it might be fixed in v4 but for the most part I probably won't add a fix for this in v3 (I guess try to not let other people use your account 😅)

diced, Apr 30 '24 22:04

Sounds good. Also, I probably should've reported this using the security advisories feature but I didn't see that before, my bad.

wdhdev, May 01 '24 00:05