Opened 8 years ago

Closed 8 years ago

#27009 closed Cleanup/optimization (fixed)

Make update_session_auth_hash() rotate the session key

Reported by: Tim Graham
Owned by: nobody
Component: contrib.auth
Version: 1.10
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

If contrib.auth.update_session_auth_hash() rotates the session key, this invalidates stolen session cookies upon a password change.

Change History (2)

comment:1 by Tim Graham, 8 years ago

Has patch: set

comment:2 by GitHub <noreply@…>, 8 years ago

Resolution: fixed
Status: new → closed

In 7549eb00:

Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
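
What the rotation changes, as an added example that is not Django's code and not part of this ticket: a minimal in-memory model of a server-side session store, comparing a password change that only refreshes the stored auth hash with one that also rotates the session key. All names and values (STORE, login, change_password, scenario, the sample user) are constructed for illustration; cycle_key here models the behaviour of Django's session method of the same name.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # constructed value, stands in for a site secret
STORE = {}                           # session key -> server-side session data

def auth_hash(password):
    # Stand-in for the per-user session auth hash: it changes with the password.
    return hmac.new(SECRET, password.encode(), hashlib.sha256).hexdigest()

def login(user):
    key = secrets.token_urlsafe(24)
    STORE[key] = {"user": user["name"], "hash": auth_hash(user["password"])}
    return key  # the value sent to the browser as the session cookie

def is_authenticated(cookie, user):
    # A session counts only if its key exists and its stored hash still matches.
    s = STORE.get(cookie)
    return bool(s) and s["user"] == user["name"] and hmac.compare_digest(
        s["hash"], auth_hash(user["password"]))

def cycle_key(old_key):
    # Keep the session data, move it to a fresh key, drop the old record.
    new_key = secrets.token_urlsafe(24)
    STORE[new_key] = STORE.pop(old_key)
    return new_key

def change_password(cookie, user, new_password, rotate):
    user["password"] = new_password
    if rotate:
        cookie = cycle_key(cookie)                   # behaviour requested in this ticket
    STORE[cookie]["hash"] = auth_hash(new_password)  # keep this session logged in
    return cookie

def scenario(rotate):
    STORE.clear()
    user = {"name": "alice", "password": "old-password"}  # constructed sample user
    cookie = login(user)
    copied = cookie        # a copy of the same cookie held by another party
    other = login(user)    # a separate session on another device
    cookie = change_password(cookie, user, "new-password", rotate)
    return {"owner": is_authenticated(cookie, user),
            "copied_cookie": is_authenticated(copied, user),
            "other_device": is_authenticated(other, user)}

if __name__ == "__main__":
    print("hash refresh only:", scenario(rotate=False))
    print("with key rotation:", scenario(rotate=True))
```

Without rotation, the copied cookie still points at the session whose hash was just refreshed, so it stays valid; the hash check alone only logs out sessions stored under other keys.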
