Closed ojhaujjwal closed 10 years ago
Cookies are never removed, because the cookie might be present on a system which is currently not connected. But that poses the risk you are just referring to. Makes sense to clear the remember_me series when someone changes his password.
But I am not sure how fast I can add this functionality. Lots of projects on my desk right now.
Von: Ujjwal Ojha [mailto:notifications@github.com] Gesendet: Donnerstag, 30. Januar 2014 10:40 An: goalio/GoalioRememberMe Betreff: [GoalioRememberMe] Does this module removes cookies when user changes his password? (#22)
I could not find if this module removes cookies when user changes his password. I guess you should listen to the event, 'changePassword' and remove all the data associated with the user from table, user_remember_me. Optionally, you can add a check box in the changepassword form if all the cookie data are to be removed.
— Reply to this email directly or view it on GitHubhttps://github.com/goalio/GoalioRememberMe/issues/22.
I have a sent a PR here, https://github.com/goalio/GoalioRememberMe/pull/23/files
I could not find if this module removes all the data associated with cookies when user changes his password. I guess you should listen to the event, 'changePassword' and remove all the data associated with the user from table,
user_remember_me
. Optionally, you can add a check box in the changepassword form if all the cookie data are to be removed.