riverrun / phauxth

Not actively maintained - Authentication library for Phoenix, and other Plug-based, web applications

Add guest_check/2 auth helper function #44

Closed fabrik42 closed 6 years ago

fabrik42 commented 6 years ago

This PR adds the reverse function to check_user/2, because I think some actions should not be allowed to be performed by logged-in users.

For now, it makes sure that logged-in users are not able to visit the login form again after being logged in. This can be very handy to prevent confusing situations, e.g. the user has the login form URL in the browser's cache and visits it, even though the user is still logged in.

What do you think?
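
The check described in the comment above, next to its counterpart, as an added example that is not the PR's code or Phauxth's own. It assumes the Plug library is available and that an earlier plug has put `:current_user` in `conn.assigns` (`nil` for guests); the module name, redirect paths and sample user are hypothetical.

```elixir
defmodule ExampleWeb.Authorize do
  # Added example: hypothetical module, not Phauxth's generated code.
  import Plug.Conn

  # Allow the request only when a user is logged in.
  def check_user(conn, _opts) do
    case conn.assigns[:current_user] do
      nil -> deny(conn, "/sessions/new")
      _user -> conn
    end
  end

  # The reverse: allow the request only when nobody is logged in.
  # A missing :current_user key is treated the same as nil (guest).
  def guest_check(conn, _opts) do
    case conn.assigns[:current_user] do
      nil -> conn
      _user -> deny(conn, "/")
    end
  end

  # Redirect and halt. Without halt/1 the rest of the plug pipeline,
  # including the controller action, would still run.
  defp deny(conn, to) do
    conn
    |> put_resp_header("location", to)
    |> send_resp(302, "")
    |> halt()
  end
end

# In a Phoenix controller the check would be wired in as a function plug:
#   import ExampleWeb.Authorize
#   plug :guest_check when action in [:new, :create]

# Constructed requests to the login form, one as a guest and one logged in.
guest = Plug.Test.conn(:get, "/sessions/new") |> Plug.Conn.assign(:current_user, nil)
user = Plug.Test.conn(:get, "/sessions/new") |> Plug.Conn.assign(:current_user, %{id: 1})

for {label, conn} <- [guest: guest, logged_in: user] do
  result = ExampleWeb.Authorize.guest_check(conn, [])
  IO.inspect({label, result.halted, result.status})
end
```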

riverrun commented 6 years ago

Good idea. I'm also going to add plug :id_check to the delete method in the session_controller (I'll be pushing that to master later today).

fabrik42 commented 6 years ago

Thanks! There are some other actions where I was not sure if it is a good idea. For example, should the password reset only be available when logged out?

riverrun commented 6 years ago

In version 1.2, I clear all the sessions as part of the create function - when the password reset is requested.

I also added update password (for users that are logged in) and forgot password links to the templates.

I'm also thinking about not allowing login after the reset has been requested, but that is not implemented yet.