add server-side expiration date to auth cookies
Bug #334560 reported by
samuel-archive
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
petabox |
New
|
Undecided
|
Unassigned |
Bug Description
user table should have a minimum date field for signed login cookies.
a password change should set this to the time of the password change
this way a pasword change will invalidate signed cookies in the field
To post a comment you must log in.