Skip to content
This repository has been archived by the owner on Feb 20, 2018. It is now read-only.
This repository has been archived by the owner on Feb 20, 2018. It is now read-only.

Destroy user session when locking account #12

Closed
JesseObrien opened this issue Oct 26, 2011 · 3 comments
Closed

Destroy user session when locking account #12

JesseObrien opened this issue Oct 26, 2011 · 3 comments

Comments

@JesseObrien
Copy link

Ideally, if an anyone locks a users account, the account should be subsequently logged out on the next request that requires a session check. I don't know how much overhead it would be but authentication tokens should be compared on each Warden::check() Upon locking it should revoke the current authentication token in the database, destroy the session immediatly, and the cookie as well.
@dre1080
Copy link
Owner

dre1080 commented Oct 26, 2011

Yes, auth tokens are compared in Warden_Driver::logged_in() and Warden::check() is run in every Warden::_init()

@JesseObrien
Copy link
Author

Check #13. The auth tokens are compared, but locking isn't checked in the driver.

@dre1080 dre1080 reopened this Oct 26, 2011
@dre1080
Copy link
Owner

dre1080 commented Oct 26, 2011

fixed f25e1da

@dre1080 dre1080 closed this as completed Oct 26, 2011
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update to fix locking and the driver's handling of locking
2 participants
@dre1080 @JesseObrien