gin-vue-admin
[Bug]: gin-vue-admin does not properly terminate existing user sessions when the user was deleted or disabled
gin-vue-admin version
2.4.5
Node version
v14.16.0
Golang version
go 1.16
Does it still exist
Yes
Bug description
First, a user logs in to gin-vue-admin in one page. Then the admin deletes or disables the user in another page. But the user is still able to do any operation inside gin-vue-admin. Note that refreshing the page does not force the user to log in again.
We reported it at https://huntr.dev/bounties/49ee5f87-3e84-46ec-b8d3-8a57d4886db5/ 21 days ago through [email protected] but have not received feedback.
Suggested fix
Invalidate all of the user's sessions once the user is deleted.
We have comments for this situation in the JWT code. If necessary, you can uncomment it yourself. Currently, it is only for the purpose of reducing database reads and writes, and this check is not performed.
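As an added, self-contained example (not gin-vue-admin's own code, and not the commented-out check the maintainer refers to), the Go program below shows the per-request check the report's suggested fix calls for: the JWT signature and expiry are verified as usual, and the user's current record is then consulted, so a deleted or disabled account is rejected on its next request even though its token is still validly signed and unexpired. It uses only the standard library: a hand-rolled HS256 signer and verifier, an in-memory map standing in for the database, and hypothetical claim field names; gin-vue-admin's actual JWT library, claims and user model are not reproduced. It also goes one step beyond the report with RevokeSessions, which invalidates every token issued before a given time without deleting the account.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// Claims is the JWT payload (field names are an assumption for this example).
type Claims struct {
	UserID    uint  `json:"user_id"`
	IssuedAt  int64 `json:"iat"`
	ExpiresAt int64 `json:"exp"`
}

// User is the stored record; tokens issued before SessionsInvalidBefore count as revoked.
type User struct {
	Enabled               bool
	SessionsInvalidBefore int64
}

// UserStore stands in for the database (assumption: an in-memory map under a lock).
type UserStore struct {
	mu    sync.RWMutex
	users map[uint]User
}

func NewUserStore() *UserStore                       { return &UserStore{users: map[uint]User{}} }
func (s *UserStore) Add(id uint)                     { s.mu.Lock(); defer s.mu.Unlock(); s.users[id] = User{Enabled: true} }
func (s *UserStore) Delete(id uint)                  { s.mu.Lock(); defer s.mu.Unlock(); delete(s.users, id) }
func (s *UserStore) Get(id uint) (u User, ok bool)   { s.mu.RLock(); defer s.mu.RUnlock(); u, ok = s.users[id]; return }
func (s *UserStore) Disable(id uint)                 { s.mu.Lock(); defer s.mu.Unlock(); if u, ok := s.users[id]; ok { u.Enabled = false; s.users[id] = u } }
func (s *UserStore) RevokeSessions(id uint, t int64) { s.mu.Lock(); defer s.mu.Unlock(); if u, ok := s.users[id]; ok { u.SessionsInvalidBefore = t; s.users[id] = u } }

var b64 = base64.RawURLEncoding

// Sign issues a compact HS256 JWT: header.payload.HMAC, each base64url without padding.
func Sign(secret []byte, c Claims) string {
	payload, _ := json.Marshal(c)
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// Verify checks only the HMAC (constant-time) and expiry; it knows nothing about the user's current state.
func Verify(secret []byte, token string, now int64) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, secret) // the header's alg field is never consulted: HS256 only
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if sig, e := b64.DecodeString(parts[2]); e != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	if payload, e := b64.DecodeString(parts[1]); e != nil || json.Unmarshal(payload, &c) != nil {
		return c, errors.New("bad payload")
	}
	if now >= c.ExpiresAt {
		return c, errors.New("token expired")
	}
	return c, nil
}

var ErrUserDeleted = errors.New("user no longer exists")
var ErrUserDisabled = errors.New("user is disabled")
var ErrSessionRevoked = errors.New("session revoked")

// Authorize is the per-request check a JWT middleware should call: a valid, unexpired
// signature is necessary but not sufficient; the user's current stored state decides.
func Authorize(store *UserStore, secret []byte, token string, now int64) (uint, error) {
	c, err := Verify(secret, token, now)
	if err != nil {
		return 0, err
	}
	u, ok := store.Get(c.UserID)
	switch {
	case !ok:
		return 0, ErrUserDeleted
	case !u.Enabled:
		return 0, ErrUserDisabled
	case c.IssuedAt < u.SessionsInvalidBefore:
		return 0, ErrSessionRevoked
	}
	return c.UserID, nil
}

func main() {
	store, secret, now := NewUserStore(), []byte("demo-secret-not-for-production"), time.Now().Unix()
	store.Add(42)
	token := Sign(secret, Claims{UserID: 42, IssuedAt: now, ExpiresAt: now + 3600})
	store.Disable(42) // the admin action from the report; the token itself is still signed and unexpired
	_, err := Authorize(store, secret, token, now+1)
	fmt.Println("request after disable:", err) // user is disabled
}
```

Authorize is what a gin middleware would call with the bearer token taken from the Authorization header. The maintainer's concern about database reads is real: this check costs one lookup per request. A short-lived in-process cache keyed by user id, or a revocation list in a shared store that is written only when an admin disables, deletes or force-logs-out an account, bounds that cost while shrinking the window in which a removed user can still act from the token's remaining lifetime to the cache TTL, or to nothing for the list.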