add server-side expiration date to auth cookies
Bug #334561 reported by
samuel-archive
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| petabox |
New
|
Undecided
|
Unassigned | ||
Bug Description
user table should have a minimum date field for signed login cookies.
a password change should set this to the time of the password change
this way a password change will invalidate signed cookies in the field
To post a comment you must log in.
