goalio / GoalioRememberMe

A Zend Framework 2 (ZF2) Module offering remember me functionality to ZfcUser
BSD 3-Clause "New" or "Revised" License
32 stars 19 forks source link

Does this module removes data associated with cookies when user changes his password? #22

Closed ojhaujjwal closed 10 years ago

ojhaujjwal commented 10 years ago

I could not find if this module removes all the data associated with cookies when user changes his password. I guess you should listen to the event, 'changePassword' and remove all the data associated with the user from table, user_remember_me. Optionally, you can add a check box in the changepassword form if all the cookie data are to be removed.

pdobrigkeit commented 10 years ago

Cookies are never removed, because the cookie might be present on a system which is currently not connected. But that poses the risk you are just referring to. Makes sense to clear the remember_me series when someone changes his password.

But I am not sure how fast I can add this functionality. Lots of projects on my desk right now.

Von: Ujjwal Ojha [mailto:notifications@github.com] Gesendet: Donnerstag, 30. Januar 2014 10:40 An: goalio/GoalioRememberMe Betreff: [GoalioRememberMe] Does this module removes cookies when user changes his password? (#22)

I could not find if this module removes cookies when user changes his password. I guess you should listen to the event, 'changePassword' and remove all the data associated with the user from table, user_remember_me. Optionally, you can add a check box in the changepassword form if all the cookie data are to be removed.

— Reply to this email directly or view it on GitHubhttps://github.com/goalio/GoalioRememberMe/issues/22.

ojhaujjwal commented 10 years ago

I have a sent a PR here, https://github.com/goalio/GoalioRememberMe/pull/23/files