auth cookies need to be server expired

Bug #293879 reported by samuel-archive
2
Affects Status Importance Assigned to Milestone
petabox
New
Undecided
Unassigned

Bug Description

server side expiration of auth cookies are necessary for:
logouts to be absolute
password changes to be trigge logouts
recover from cookie theft

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.