Feature #5442
Destroy session / logout user on deleting an account
Status: | New | Start date: | 2009-11-19 |
---|---|---|---|
Priority: | Should have | Due date: | |
Assigned To: | Andreas Förthner | % Done: | 0% |
Category: | Security | | |
Target version: | - | | |
PHP Version: | | Complexity: | |
Has patch: | | | |
Description
On calling remove(), the Account Repository should invalidate the session (or whatever is necessary) of the given account before deleting it.
History
#1 Updated by Andreas Förthner over 5 years ago
The implementation of this could work like this: when initializing the security context, we'll simply have to check if the account of an authenticated token is still valid. If not, set the token to AUTHENTICATION_REQUIRED.
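
One way the check proposed in comment #1 could look, as an added example that is not the framework's own code. Token, AccountRepository and SecurityContext are simplified hypothetical stand-ins, and the status constant names are assumptions taken from the wording of the comment.

```php
<?php
// Added illustration: all classes and constants are hypothetical stand-ins.
final class Token
{
    const AUTHENTICATION_REQUIRED = 'required';
    const AUTHENTICATION_SUCCESSFUL = 'successful';
    public $status;
    public $accountId;
    public function __construct($status, $accountId) { $this->status = $status; $this->accountId = $accountId; }
}

final class AccountRepository
{
    private $accounts = [];
    public function add(string $id): void { $this->accounts[$id] = true; }
    public function remove(string $id): void { unset($this->accounts[$id]); }
    public function exists(string $id): bool { return isset($this->accounts[$id]); }
}

final class SecurityContext
{
    private $tokens;
    // Runs at the start of each request with the tokens restored from the session.
    // A token whose account no longer exists loses its identity and must log in again.
    public function __construct(array $sessionTokens, AccountRepository $accounts)
    {
        foreach ($sessionTokens as $token) {
            $stale = $token->accountId === null || !$accounts->exists($token->accountId);
            if ($token->status === Token::AUTHENTICATION_SUCCESSFUL && $stale) {
                $token->status = Token::AUTHENTICATION_REQUIRED;
                $token->accountId = null;
            }
        }
        $this->tokens = $sessionTokens;
    }

    public function isAuthenticated(): bool
    {
        $ok = fn($t) => $t->status === Token::AUTHENTICATION_SUCCESSFUL;
        return count(array_filter($this->tokens, $ok)) > 0;
    }
}

// Constructed scenario: a logged-in session outlives its account.
$accounts = new AccountRepository();
$accounts->add('alice');
$token = new Token(Token::AUTHENTICATION_SUCCESSFUL, 'alice');
var_dump((new SecurityContext([$token], $accounts))->isAuthenticated());
$accounts->remove('alice');
var_dump((new SecurityContext([$token], $accounts))->isAuthenticated());
```

The two `var_dump` calls show the same session token before and after the account is removed. Because the check runs on every context initialization, it also covers sessions that were open on other devices when the account was deleted.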