Old accesstokens are not cleaned up #8035
Labels
server / core
Issues relating to the server or core of Ghost
Comments
kirrg001 added a commit to kirrg001/Ghost that referenced this issue Feb 27, 2017
closes TryGhost#8035
- create auth/utils
- use authUtils.createTokens for all cases
- remove old tokens before creating new ones
kevinansfield pushed a commit that referenced this issue Mar 1, 2017
closes #8035
- create auth/utils
- use authUtils.createTokens for all cases
- decrease the expiry of the old access token before creating a new one
Fix for LTS is coming.
kirrg001 added a commit to kirrg001/Ghost that referenced this issue Mar 1, 2017
refs TryGhost#8035
- same fix as TryGhost@fa38257
- no fancy refactoring as we did on master
- tested with 2 browsers and 2 tabs
kevinansfield pushed a commit that referenced this issue Mar 1, 2017
closed via #8076
Issue Summary
Each time a refreshtoken is used to get a new accesstoken we create a new record in the DB but the old accesstoken record is still kept. Now that we have longer expiry times on the tokens it means that we can't rely on the old tokens being unusable after an hour so we should either delete the old records or update the current record when a new token is generated.
Steps to Reproduce
accesstokens table you will now have at least 2 valid tokens for the same user
Technical details:
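The behaviour reported in this issue next to the approach named in the later commit message (decrease the expiry of the old access token before creating a new one), as an added example that is not part of the original post and is not Ghost's code. The `TokenStore` class, its method names, the in-memory storage, the 30-day lifetime and the 5-minute grace window are all assumptions made for illustration.

```javascript
// Added illustration, not Ghost's implementation. Every name and duration is hypothetical.
const crypto = require('crypto');

const ACCESS_TTL_MS = 30 * 24 * 60 * 60 * 1000; // assumed long-lived access token
const GRACE_MS = 5 * 60 * 1000;                 // assumed window for requests already in flight

class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;                 // injectable clock so expiry can be tested
    this.access = [];               // rows: { token, userId, refreshToken, expires }
    this.refreshTokens = new Map(); // refreshToken -> userId
  }
  login(userId) {
    const refreshToken = crypto.randomBytes(32).toString('hex');
    this.refreshTokens.set(refreshToken, userId);
    return { refreshToken, accessToken: this._newAccess(userId, refreshToken) };
  }
  _newAccess(userId, refreshToken) {
    const token = crypto.randomBytes(32).toString('hex');
    this.access.push({ token, userId, refreshToken, expires: this.now() + ACCESS_TTL_MS });
    return token;
  }
  _owner(refreshToken) {
    const userId = this.refreshTokens.get(refreshToken);
    if (userId === undefined) throw new Error('unknown refresh token');
    return userId;
  }
  // Behaviour described in the issue: a new row is added and the old one stays valid.
  refreshLeaky(refreshToken) {
    return this._newAccess(this._owner(refreshToken), refreshToken);
  }
  // Hardened: cap the expiry of earlier tokens issued from this refresh token,
  // purge rows that have already expired, then issue the replacement.
  refresh(refreshToken) {
    const userId = this._owner(refreshToken);
    const cutoff = this.now() + GRACE_MS;
    for (const row of this.access) {
      if (row.refreshToken === refreshToken && row.expires > cutoff) row.expires = cutoff;
    }
    this.access = this.access.filter((row) => row.expires > this.now());
    return this._newAccess(userId, refreshToken);
  }
  // Number of access tokens for userId that are still valid at time `at`.
  validCount(userId, at = this.now()) {
    return this.access.filter((r) => r.userId === userId && r.expires > at).length;
  }
}
```

Scoping the cap to the refresh token that was used keeps a second browser session, which holds its own refresh token, unaffected.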