powershell-universal

Invalidate Cookies Server-Side

Open: adamdriscoll opened this issue 5 months ago • 0 comments

Summary of the new feature / enhancement

Currently, cookies are issued by the server, and when the cookie times out, it is no longer valid. If a user logs out, it causes the cookie to be deleted on the client-side but the cookie value is actually still valid. It would be possible to save the cookie value, log out, and then recreate the cookie with the value to sign in again.

We should have some server-side validation of cookies to prevent this from happening. This was found in an external security audit.

Proposed technical implementation details (optional)

No response

adamdriscoll, Sep 15 '24 20:09
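The gap described in this issue, as an added sketch that is not PowerShell Universal's code: a cookie checked only for signature and timeout still validates after logout, while a check against a server-side session store rejects it. The cookie layout, the in-memory `active_sessions` store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)   # constructed signing key for the demo
LIFETIME = 3600                    # assumed cookie lifetime in seconds
active_sessions = {}               # server-side store: session id -> expiry

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user: str, now: float) -> str:
    """Log in: create a session id, record it server-side, sign the cookie."""
    sid = secrets.token_urlsafe(16)
    expires = int(now) + LIFETIME
    active_sessions[sid] = expires
    payload = f"{user}|{sid}|{expires}"
    return f"{payload}|{_sign(payload)}"

def _parse(cookie: str, now: float):
    """Return (user, sid) if signature and expiry are valid, else None."""
    try:
        payload, sig = cookie.rsplit("|", 1)
        user, sid, expires = payload.split("|")
        expires_at = int(expires)
    except ValueError:
        return None
    good = hmac.compare_digest(sig.encode(), _sign(payload).encode())
    return (user, sid) if good and now < expires_at else None

def validate_stateless(cookie: str, now: float) -> bool:
    """Behaviour described in the issue: only signature and timeout count."""
    return _parse(cookie, now) is not None

def validate_server_side(cookie: str, now: float) -> bool:
    """Requested behaviour: the session must also still exist on the server."""
    parsed = _parse(cookie, now)
    return parsed is not None and active_sessions.get(parsed[1], 0) > now

def logout(cookie: str, now: float) -> None:
    """Revoke the session server-side, not just delete the client cookie."""
    parsed = _parse(cookie, now)
    if parsed:
        active_sessions.pop(parsed[1], None)
```

In a multi-node deployment the session store would need to be shared (database or cache) so that a logout on one node is honoured by the others.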