Resetting password does not invalidate other sessions
-
Continuing the discussion from Quotes Fixer - Client side Plugin. (v2):
If you're logged in to multiple browsers, and trigger a password reset from one of them, after you've set the new password the other browsers remain logged in.
Discoursistently - clicking Log Out in one browser logs them all out.
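An added example, not part of the original post and not Discourse's code: a minimal Ruby model of the behaviour reported above, beside a hardened reset. It assumes one per-user session secret shared by all of that user's cookies, which would be consistent with a logout in one browser logging out all of them; the `Account` class and its method names are hypothetical.

```ruby
require "securerandom"
require "digest"

# Toy in-memory model, constructed for illustration (hypothetical names).
# Assumption: one server-side session secret per user; each browser's cookie
# holds a copy and is accepted only while it matches the current secret.
class Account
  def initialize(password)
    @password_digest = digest(password)
    rotate_session_secret
  end

  # A successful login returns the cookie value for that browser.
  def log_in(password)
    secure_equal(digest(password), @password_digest) ? @session_secret : nil
  end

  def session_valid?(cookie)
    !cookie.nil? && secure_equal(cookie, @session_secret)
  end

  # Logout rotates the secret, so every browser is logged out at once.
  def log_out
    rotate_session_secret
  end

  # Reported behaviour: the password changes, existing cookies stay valid.
  def reset_password_keeping_sessions(new_password)
    @password_digest = digest(new_password)
  end

  # Hardened form: a credential change also revokes every outstanding cookie.
  def reset_password_revoking_sessions(new_password)
    @password_digest = digest(new_password)
    rotate_session_secret
  end

  private

  def rotate_session_secret; @session_secret = SecureRandom.hex(32); end
  # SHA-256 stands in for a real password hash (bcrypt, argon2) to avoid gems.
  def digest(password)
    Digest::SHA256.hexdigest(password)
  end
  # Comparison that does not stop at the first differing byte.
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With the hardened reset, the browser that performed the reset also needs a fresh cookie, so the reset handler should log that browser in again after rotating the secret.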
-
Obviously the discodevs never really thought through their security system.
-
Didn't Orkut have this problem?
If Discourse can't do better than Orkut, I don't think it counts as software.
-
Down to be fixed at, ummm, some point?
-
Down to be fixed at, ummm, some point?
Don't worry, it's in the bug tracker and prioritized now.
-
bug tracker
prioritized
-
Hey! They have Top Men working on this. Top. Men.
Hmm...maybe that's how blakey or Lorne can take down the discodevs. An SJW campaign against discobros.
-
Great to see security is #1 in Discourse land.
I can't believe this shit is used by companies now.
-
Hmm...maybe that's how blakey or Lorne can take down the discodevs. An SJW campaign against discobros.
Interesting idea, but I'm not posting on 8chan for any purpose.
I kind of wish I was better at finding security flaws and pwning sites, I think there's probably still enough holes that some skilled person could get into Discourse's database. Dropping BoingBoing's database a few times would effectively kill Atwood's inexplicably-inflated reputation.
-
Interesting idea, but I'm not posting on 8chan for any purpose.
I was thinking more Tumblr, though I hear there's plenty of SJW rabble on Twitter, too.
-
Tumblr are very ineffective, though.
Best example:
-
Yeah, will fix first thing tomorrow. I bookmarked it and it's on the top of my queue.
-
Clearing your cookie cache doesn't result in your session being cleared either.
-
-
Clearing your cookie cache doesn't result in your session being cleared either.
Rather inconsistently annoyingly, FF on my home laptop is quite happy to forget that I'm logged in if I restart the browser. Same FF on work laptop is quite happy to remember it across invocations. I've yet to pin down exactly which setting isn't being synchronized between the two to exhibit this behaviour.
-
Sounds like one isn't clearing cookies between sessions
-
From what I remember, the cookie policy is identical on both. It's certainly supposed to be...