Comment 8 for bug 1701978

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 424ded281718e23acfb08c4c0cc7772b2bbd9585
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed Jul 5 13:16:07 2017 +1200

Security Bug 1701978: fix session cookie issues

1. when a user logs in it clears any obsolete
usr_session cookies for the user
2. recording the user-agent of the session
and if it changes to prompt the user to
login again
3. when self adding / editing email address(es)
send 2 emails
 - one to the new email address asking user to confirm address
 - and one to the primary email address to alert user
 that a new email is being added to their account and
 if this is bad how to contact their admin about the problem.

Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8