-
-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Session doesn't invalidate when password is changed #552
Labels
bug
Something isn't working
Comments
hm, this seems like a big issue.. I think it might be fixed in v4 but for the most part I probably wont add a fix for this in v3 (i guess try to not let other people use your account 😅) |
Sounds good. Also, I probably should've reported this using the security advisories feature but I didn't see that before, my bad. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
When you change your Zipline account password, existing sessions do not get invalidated, and they stay signed in. This can be a security risk if your account got hacked.
Version
latest (ghcr.io/diced/zipline or ghcr.io/diced/zipline:latest)
What browser(s) are you seeing the problem on?
Firefox, Chromium-based (Chrome, Edge, Brave, Opera, mobile chrome/chromium based, etc)
Zipline Logs
No response
Browser Logs
No response
Additional Info
No response
The text was updated successfully, but these errors were encountered: