You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since recently, changing the private code is a way to remove access to previous members: it prevents people from logging with the old private code (obviously) but also with the old token (e.g. in invitation links).
However, if a previous member still has a valid cookie, he/she may still be able to login anyway. We should check if it works, and if yes, fix this issue.
The text was updated successfully, but these errors were encountered:
I confirm that this is a problem : changing the project code doesn't invalidate the cookies. One way to mitigate this would be to include something derived from the project code in the cookie, and checking against it when checking the cookie.
zorun
changed the title
Check that changing the private code invalidates cookies
Invalidate session cookies when changing the private code
Jul 28, 2023
Since recently, changing the private code is a way to remove access to previous members: it prevents people from logging with the old private code (obviously) but also with the old token (e.g. in invitation links).
However, if a previous member still has a valid cookie, he/she may still be able to login anyway. We should check if it works, and if yes, fix this issue.
The text was updated successfully, but these errors were encountered: