You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We let people delete their accounts, but we don't nuke their active sessions when they do so. We should do that. If we don't, there's no way for a user to nuke those sessions.
The text was updated successfully, but these errors were encountered:
OK, first things first. I guess I don't care of a session is still active after an account is deleted. If that's the case, it's not like you can do anything. The data for the account is nuked, and if you try to create more data by creating a favorite or something, it'll surely explode.
What I do think is worth investigating is how to nuke sessions during a password change.
On second thought, changing your password only invalidates sessions if you do it via one of the password change forms. If you do it via the change password method, as we do, you have to explicitly nuke other sessions (there's a command for this, as above). So....I implemented that in #1493.
We let people delete their accounts, but we don't nuke their active sessions when they do so. We should do that. If we don't, there's no way for a user to nuke those sessions.
The text was updated successfully, but these errors were encountered: