Feature #5442

Destroy session / logout user on deleting an account

Added by Robert Lemke over 11 years ago. Updated over 8 years ago.

Status:
New
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2009-11-19
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
Complexity:

Description

On calling remove() , the Account Repository should invalidate the session (or whatever is necessary) of the given account before deleting it.


Related issues

Has duplicate TYPO3.Flow - Bug #10669: Login session not "cleared" when creating new admin (security framework related?)Closed2010-11-08

Actions
#1

Updated by Andreas Förthner over 11 years ago

The implementation of this could work like this: when initializing the security context, we'll simply have to check, if the account of an authenticated token is still valid. If not set the token to AUTHENTICATION_REQUIRED.

Also available in: Atom PDF