View Issue Details

IDProjectCategoryView StatusLast Update
0022840mantisbtauthenticationpublic2017-12-04 02:25
ReporterdregadAssigned Todregad 
PrioritynormalSeverityminorReproducibilitysometimes
Status assignedResolutionopen 
Product Version 
Target Version2.10.0Fixed in Version 
Summary0022840: Don't expire user sessions when updating password hash after login method change
Description

As per @vboctor's suggestion

user_set_password() assumes that it is being called by a user, so it updates the cookie to expire browser sessions.

The same function is used by authentication API's auth_does_password_match() when updating the password hashes after a change of login method, only in this case there is no need to expire the sessions since the password itself is not changing - only the way it is stored in the database.

TagsNo tags attached.

Activities

Issue History

Date Modified Username Field Change
2017-05-06 17:43 dregad New Issue
2017-05-06 17:43 dregad Assigned To => dregad
2017-05-06 17:43 dregad Status new => assigned
2017-05-06 18:14 dregad Note Added: 0056787
2017-06-04 16:19 atrol Target Version 2.5.0 => 2.6.0
2017-09-03 18:50 vboctor Target Version 2.6.0 => 2.7.0
2017-10-08 23:55 vboctor Target Version 2.7.0 => 2.8.0
2017-10-28 19:14 vboctor Target Version 2.8.0 => 2.9.0
2017-12-04 02:25 vboctor Target Version 2.9.0 => 2.10.0