Homestyx hydra
Diffusion hydra 87309734cc5c

Nuke sessions from the database when users logout
87309734cc5c
Actions

Description

Nuke sessions from the database when users logout

Summary:
@tomo ran into an issue where he had some non-SSL-only cookie or whatever, so
"Logout" had no apparent effect. Make sure "Logout" really works by destroying
the session.

I originally kept the sessions around to be able to debug session stuff, but we
have a fairly good session log now and no reprorted session bugs except for all
the cookie stuff. It's also slightly more secure to actually destroy sessions,
since it means "logout" breaks any cookies that attackers somehow stole (e.g.,
by reading your requests off a public wifi network).

Test Plan: Commented out the cookie clear and logged out. I was logged out and
given a useful error message about clearing my cookies.

Reviewers: jungejason, nh, tuomaspelkonen, aran

Reviewed By: aran

CC: tomo, aran, epriestley

Differential Revision: 911

Details

Provenance
epriestleyAuthored on Sep 8 2011, 5:16 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:206546a6e305: Merge pull request #62 from abdul/master
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (2)

PathSize
src/
applications/
auth/
controller/
logout/
people/
storage/
user/

R1:87309734cc5c

View Options

src/applications/auth/controller/logout/PhabricatorLogoutController.php

Loading...
View Options

src/applications/people/storage/user/PhabricatorUser.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)