Feature #5442
Destroy session / logout user on deleting an account
| Status: | New | Start date: | 2009-11-19 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Andreas Förthner | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: |
Description
On calling remove() , the Account Repository should invalidate the session (or whatever is necessary) of the given account before deleting it.
Related issues
History
#1 Updated by Andreas Förthner over 5 years ago
The implementation of this could work like this: when initializing the security context, we'll simply have to check, if the account of an authenticated token is still valid. If not set the token to AUTHENTICATION_REQUIRED.