Closed gienq closed 2 years ago
Hey @gienq
You can add this check to your site if you'd like by querying the user on each page load and checking their activation status. We don't do this by default in the logged in check because of the performance impact, since not all sites need it.
Which branch are you using? 3
What commit hash are you on? latest
What CodeIgniter version are you using? v3
What PHP version are you using? PHP 7.4
Describe the bug If you deactivate the account (even own, currently logged in), Ion Auth library will keep the session state and the user is still logged in until logout.
To Reproduce Steps to reproduce the behavior:
Expected behavior For security reasons and good order library should check the activation status at each request (visiting new page, reloading)