When logging out/ending a session, don't create a new, empty session
|Reported by:||Matt Robenolt||Owned by:||Matt Robenolt|
|Severity:||Normal||Keywords:||session, logout, auth|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
Previously, when logging out, the existing session is overwritten by a new sessionid instead of deleting the session all together.
This behavior adds overhead by creating a new session record in whichever backend being used, db, cache, etc.
This extra session is unnecessary at the time since no session data is meant to be preserved when explicitly logging out.
Change History (11)
comment:1 Changed 3 years ago by
|Patch needs improvement:||unset|
|Triage Stage:||Unreviewed → Accepted|
comment:4 Changed 3 years ago by
|Owner:||changed from nobody to Matt Robenolt|
|Patch needs improvement:||set|
|Status:||new → assigned|