Closed (fixed)
Project:
Persistent Login
Version:
master
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Reporter:
Created:
9 Feb 2007 at 16:04 UTC
Updated:
8 Aug 2007 at 13:39 UTC
When PL detects a stolen PL cookie, it invalidates all PL sessions for that user. It should also invalidate all open sessions for that user since there is no way to know which is the attacker's.
It would be great if it could also deliver a warning message to the user; look carefully into the session gymnastics that occurs.
Comments
Comment #1
bjaspan commentedFixed.