Hello,
I might be missing something, but it seems that if an admin (A) removes user (U)'s admin permission while U was logged in as an admin, then he can still restore his admin status.
What would be the right approach to avoid this situation where the session object becomes outdated?