Feature #5442

Destroy session / logout user on deleting an account

Added by Robert Lemke almost 10 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2009-11-19
Due date:
% Done:

0%

PHP Version:
Has patch:
Complexity:

Description

On calling remove() , the Account Repository should invalidate the session (or whatever is necessary) of the given account before deleting it.


Related issues

Duplicated by TYPO3.Flow - Bug #10669: Login session not "cleared" when creating new admin (security framework related?) Closed 2010-11-08

History

#1 Updated by Andreas Förthner over 9 years ago

The implementation of this could work like this: when initializing the security context, we'll simply have to check, if the account of an authenticated token is still valid. If not set the token to AUTHENTICATION_REQUIRED.

Also available in: Atom PDF