Project

General

Profile

Actions
Copy link

Bug #7400

closed

Duplicate login does not invalidate cookies

Bug #7400: Duplicate login does not invalidate cookies

Added by krileon almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
krileon
Target version:
4.0.0
Start date:
03 January 2019
Due date:
% Done:

100%

Estimated time:

Description

The duplicate login check does check for and delete duplicate sessions, but on refresh Joomla recreates the session from the cookie. At least 1 of the users cookies (duplicate user attempting to login) should be able to be invalidated.

https://www.joomlapolis.com/forum/153-professional-member-support/240296-cb-antispam-problem#309555

Updated by krileon almost 7 years ago Actions
Copy link
 #1

Confirmed. Remember Me bypasses normal login procedures and restores the session. Either need a means of invalidating the cookies along with deleting the session or a means of intercepting the remember me session restore.

Updated by krileon almost 7 years ago Actions
Copy link
 #2

Remember Me key validation is stored in __user_keys. Clearing it will clear the remember me and resolve this issue.

Updated by krileon almost 7 years ago Actions
Copy link
 #3

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Updated by krileon almost 7 years ago Actions
Copy link
 #4

  • Target version changed from 918 to 4.0.0

Updated by krileon almost 7 years ago Actions
Copy link
 #5

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom