When logging out/ending a session, don't create a new, empty session
|Reported by:||mattrobenolt||Owned by:||mattrobenolt|
|Severity:||Normal||Keywords:||session, logout, auth|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
Previously, when logging out, the existing session is overwritten by a new sessionid instead of deleting the session all together.
This behavior adds overhead by creating a new session record in whichever backend being used, db, cache, etc.
This extra session is unnecessary at the time since no session data is meant to be preserved when explicitly logging out.
Change History (11)
comment:1 Changed 2 years ago by ptone
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
comment:4 Changed 2 years ago by mattrobenolt
- Owner changed from nobody to mattrobenolt
- Patch needs improvement set
- Status changed from new to assigned
comment:9 Changed 21 months ago by Ramiro Morales <cramm0@…>
- Resolution set to fixed
- Status changed from assigned to closed