Comment 17 for bug 1179615

Eoghan Glynn (eglynn) wrote : Re: auth_token middleware neglects to check expiry of signed token

I've confirmed that the effect of signed token revocation is reversed when the token expires (as envisaged in the previous comment).

IMO this should be reflected in the impact description, e.g. by adding the line:

"The effect of signed token revocation is also reversed when the token expires, in the sense that a revoked token is once again treated as being valid."