add server-side expiration date to auth cookies

Bug #334561 reported by samuel-archive
2
Affects Status Importance Assigned to Milestone
petabox
New
Undecided
Unassigned

Bug Description

user table should have a minimum date field for signed login cookies.

a password change should set this to the time of the password change

this way a password change will invalidate signed cookies in the field

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.