Actions
Bug #7400
closedDuplicate login does not invalidate cookies
Description
The duplicate login check does check for and delete duplicate sessions, but on refresh Joomla recreates the session from the cookie. At least 1 of the users cookies (duplicate user attempting to login) should be able to be invalidated.
https://www.joomlapolis.com/forum/153-professional-member-support/240296-cb-antispam-problem#309555
Updated by krileon almost 6 years ago
Confirmed. Remember Me bypasses normal login procedures and restores the session. Either need a means of invalidating the cookies along with deleting the session or a means of intercepting the remember me session restore.
Updated by krileon almost 6 years ago
Remember Me key validation is stored in __user_keys. Clearing it will clear the remember me and resolve this issue.
Updated by krileon almost 6 years ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Actions