search

smswithoutborders / SMSWithoutBorders.com

Here is the interface through which users can manage their accounts and store their credentials
https://smswithoutborders.com
GNU General Public License v3.0
23 stars 8 forks source link

[staging] Rebooted PC but account remained logged in #60

Closed sherlockwisdom closed 1 year ago

nSedrickm commented 1 year ago

@sherlock this is expected if you didn't logout and your session is still valid (2h)

sherlockwisdom commented 1 year ago

Let's reduce that to 30 minutes

nSedrickm commented 1 year ago

Its a config you can change on the BE

sherlockwisdom commented 1 year ago

There is a security vulnerability here, how is the FE handling it away from the BE?

nSedrickm commented 1 year ago

If the user makes any request after their session expires a 401 is thrown and they are logged immediately