rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

Kill Remember-Me Tokens with Sessions #174

New issue
Closed
opened 2025-09-16 08:32:47 -04:00 by rainbownapkin · 5 comments
rainbownapkin commented 2025-09-16 08:32:47 -04:00 (Migrated from gitlab.com)
Copy link

Users who logout should have any remember-me tokens associated with the request cleared from the DB.

Users who request a full-logout should have all associated remember-me tokens cleared.

Full session kill method should have option to leave remember-me tokens, for certain calls, such as in the advent of a rank change.

Users who logout should have any remember-me tokens associated with the request cleared from the DB. Users who request a full-logout should have all associated remember-me tokens cleared. Full session kill method should have option to leave remember-me tokens, for certain calls, such as in the advent of a rank change.
rainbownapkin commented 2025-09-16 08:32:48 -04:00 (Migrated from gitlab.com)
Copy link

added #167 as parent issue

added #167 as parent issue
rainbownapkin commented 2025-09-16 08:35:07 -04:00 (Migrated from gitlab.com)
Copy link

changed the description

changed the description
rainbownapkin added a new dependency 2025-09-25 05:41:14 -04:00
#167 Remember-Me Cookies
rainbownapkin commented 2025-10-20 07:53:42 -04:00
Owner
Copy link

Old keys are cleared on next login, to prevent doubled keys, and to allow users to who un-check 'remember me' to delete their token: e00e5a608b

We should still implement rememberme cookie detection and token db doc deletion from logout controller too, since a user requesting a logout shouldn't have to log back in manually just to delete their key.

Old keys are cleared on next login, to prevent doubled keys, and to allow users to who un-check 'remember me' to delete their token: e00e5a608b We should still implement rememberme cookie detection and token db doc deletion from logout controller too, since a user requesting a logout shouldn't have to log back in manually just to delete their key.
rainbownapkin commented 2025-10-21 00:23:43 -04:00
Owner
Copy link

Server now deletes associated remember-me token on user requested log-outs: 1d5a087d79

Server now deletes associated remember-me token on user requested log-outs: 1d5a087d79
rainbownapkin commented 2025-10-21 08:12:16 -04:00
Owner
Copy link

Remember me tokens now nuked upon full account logout: bc0657a702
Cleaned up remember-me error handling: d874f5e2da

Remember Me Tokens Complete.

Remember me tokens now nuked upon full account logout: bc0657a702 Cleaned up remember-me error handling: d874f5e2da Remember Me Tokens Complete.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
0.4-indev-hotfix-3
0.4-indev-hotfix-2
0.4-indev-hotfix-1
0.4-indev
0.3-indev-hotfix-1
0.3-indev
verbose-queue
0.2-indev
0.1-indev
No results found.
Labels
Clear labels   
Bug

   
Cleanup/Refactor

   
Core Feature

   
Documentation

   
Feature

   
Performance Improvement

   
Security Improvement

   
UX/Accessibility

   
Unreproducable Bug
No labels
Bug
Cleanup/Refactor
Core Feature
Documentation
Feature
Performance Improvement
Security Improvement
UX/Accessibility
Unreproducable Bug
Milestone
Clear milestone
No items
No milestone
Canopy v0.4-Indev
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#167 Remember-Me Cookies
rainbownapkin/canopy
Reference: rainbownapkin/canopy#174
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?