Closed JesseObrien closed 12 years ago
Yes, auth tokens are compared in Warden_Driver::logged_in() and Warden::check() is run in every Warden::_init().
Check https://github.com/dre1080/warden/pull/13. The auth tokens are compared, but locking isn't checked in the driver.
Ideally, if anyone locks a user's account, the account should be subsequently logged out on the next request that requires a session check. I don't know how much overhead it would be, but authentication tokens should be compared on each Warden::check(). Upon locking it should revoke the current authentication token in the database, destroy the session immediately, and the cookie as well.
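The behaviour requested in this issue, sketched as an added example that is not Warden's code and was not posted by anyone in the thread: a per-request check that compares the session's token with the stored one and also honours the lock flag, plus a lock operation that revokes the token and drops live sessions. The class `AuthStore`, its methods and the in-memory arrays standing in for the users table and session storage are all hypothetical.

```php
<?php
// Added illustration with hypothetical names; not Warden's API.
final class AuthStore
{
    private array $users = [];    // user id => ['locked' => bool, 'token' => ?string]
    private array $sessions = []; // session id => ['user_id' => int, 'token' => string]

    public function addUser(int $id): void
    {
        $this->users[$id] = ['locked' => false, 'token' => null];
    }

    public function login(int $id): ?string
    {
        if (!isset($this->users[$id]) || $this->users[$id]['locked']) {
            return null; // a locked account cannot start a session
        }
        $token = bin2hex(random_bytes(32));
        $this->users[$id]['token'] = $token;
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['user_id' => $id, 'token' => $token];
        return $sid;
    }

    // Run on every request that needs an authenticated user.
    public function check(string $sid): bool
    {
        $s = $this->sessions[$sid] ?? null;
        $u = $s !== null ? ($this->users[$s['user_id']] ?? null) : null;
        $ok = $u !== null && !$u['locked'] && $u['token'] !== null
            && hash_equals($u['token'], $s['token']); // constant-time compare
        if (!$ok) {
            unset($this->sessions[$sid]); // fail closed; a real app also expires the cookie here
        }
        return $ok;
    }

    public function lock(int $id): void
    {
        if (!isset($this->users[$id])) {
            return;
        }
        $this->users[$id]['locked'] = true;
        $this->users[$id]['token'] = null; // revoke the stored token
        foreach ($this->sessions as $sid => $s) {
            if ($s['user_id'] === $id) {
                unset($this->sessions[$sid]); // destroy every live session of the user
            }
        }
    }
}
```

Checking the lock flag in `check()` as well as revoking the token in `lock()` means a session is rejected on its next request even if one of the two steps is skipped or fails.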