dre1080 / warden

More than just a user database auth package for FuelPHP
http://dre1080.github.com/warden
MIT License

Destroy user session when locking account #12

Closed JesseObrien closed 12 years ago

JesseObrien commented 12 years ago

Ideally, if anyone locks a user's account, the account should be subsequently logged out on the next request that requires a session check. I don't know how much overhead it would be, but authentication tokens should be compared on each Warden::check(). Upon locking it should revoke the current authentication token in the database, destroy the session immediately, and the cookie as well.

dre1080 commented 12 years ago

Yes, auth tokens are compared in Warden_Driver::logged_in() and Warden::check() is run in every Warden::_init()

JesseObrien commented 12 years ago

Check https://github.com/dre1080/warden/pull/13. The auth tokens are compared, but locking isn't checked in the driver.

dre1080 commented 12 years ago

fixed https://github.com/dre1080/warden/commit/f25e1dad5474c84516a3cb3a6d53f5a5a01fa26b
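
The behaviour requested in this thread, sketched as an added example that is not part of the thread and is not Warden's code: locking revokes the stored token, and the per-request check tests both the token and the lock flag. The `User` and `SessionGuard` classes, their fields, and the in-memory user list are hypothetical; PHP 8.1 or later is assumed.

```php
<?php
// Added illustration, not Warden's implementation. All names are hypothetical.

final class User
{
    public function __construct(
        public int $id,
        public ?string $authToken,   // token stored server-side (database row)
        public bool $locked = false,
    ) {}
}

final class SessionGuard
{
    /** @param array<int, User> $users constructed in-memory stand-in for the users table */
    public function __construct(private array $users) {}

    // Locking also revokes the stored token, so no existing session can match it.
    public function lock(int $userId): void
    {
        $user = $this->users[$userId] ?? null;
        if ($user === null) {
            return;
        }
        $user->locked = true;
        $user->authToken = null;
    }

    // Per-request check: token comparison AND lock state.
    // $session is taken by reference so it can be cleared on failure.
    public function check(array &$session): bool
    {
        $user  = $this->users[$session['user_id'] ?? -1] ?? null;
        $token = $session['auth_token'] ?? '';
        $valid = $user !== null
            && !$user->locked
            && is_string($user->authToken)
            && is_string($token)
            && hash_equals($user->authToken, $token); // constant-time comparison
        if (!$valid) {
            $session = []; // drop session data; a real app would also expire the cookie
        }
        return $valid;
    }
}

$token   = bin2hex(random_bytes(16));              // constructed sample token
$guard   = new SessionGuard([1 => new User(1, $token)]);
$session = ['user_id' => 1, 'auth_token' => $token];

var_dump($guard->check($session)); // check before the lock
$guard->lock(1);
var_dump($guard->check($session)); // check on the next request after the lock
```

Checking the lock flag in addition to the token covers the case raised above, where tokens were compared but the lock state was not.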