-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changing security config should cancel existing "remember me" tokens #52
Comments
Should this be in core as well? |
I think it probably should. I noted on Slack but this isn't necessarily a common flow. If there's the ability to log yourself out on other devices (a button labelled "log me out elsewhere" or words to that effect) then services don't always log you out of all your devices when changing your password. Might need to have a little discussion about what suits SilverStripe best... |
@chillu are you happy for us to move this to a framework issue? |
Friendly bump @chillu |
I believe some work still needs to be done here. Without any extension hook or way to hook in to the reset method, the framework doesn't explicitly know the MFA has been reset, thus no reset will happen? |
Yeah assuming silverstripe/silverstripe-framework#8694 gets implemented, it'd probably have an extension hook in it somewhere. Fair enough for reopening, let's re-target this issue as "ensure MFA changes are included in resetting 'remember me' cookies assuming silverstripe/silverstripe-framework#8694 is implemented" or something to that end |
Acceptance Criteria
Notes
From Olivier:
The text was updated successfully, but these errors were encountered: