When logging out/ending a session, don't create a new, empty session
|Reported by:||mattrobenolt||Owned by:||mattrobenolt|
|Severity:||Normal||Keywords:||session, logout, auth|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
Previously, when logging out, the existing session is overwritten by a new sessionid instead of deleting the session all together.
This behavior adds overhead by creating a new session record in whichever backend being used, db, cache, etc.
This extra session is unnecessary at the time since no session data is meant to be preserved when explicitly logging out.
Change History (8)
comment:1 Changed 7 months ago by ptone
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
comment:4 Changed 7 months ago by mattrobenolt
- Owner changed from nobody to mattrobenolt
- Patch needs improvement set
- Status changed from new to assigned