FIX Revoke a single session #59
Conversation
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
from
b7bbc06 to
0c647e0
Compare
maxime-rainville
force-pushed
the
pulls/1/revoke-one
branch
from
0c647e0 to
993ab2b
Compare
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
6 times, most recently
from
adeb0f3 to
43c5ced
Compare
|
@maxime-rainville Have updated so that RememberLoginHash's for unrevoked sessions are untouched |
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
from
43c5ced to
77ec852
Compare
There was a problem hiding this comment.
Following silverstripe/silverstripe-framework#9794, we decided that logout_across_devices would default to false when you install session manager.
My thinking is this:
- The vanilla install should keep the current default behaviour even if we don't think it's the best one in most cases. You need to set $logout_across_devices to false if you want the better log out behaviour.
- Session manager should implicitly set $logout_across_devices to false. If you logout, only the "Remember Me" token for the current session will be invalidated.
- Irrespective of what value is set for $logout_across_devices, when you use session manager to terminate a specific session, any "remember me" token associated to that session must be invalidated.
This seems like the sensible place to implement this change.
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
from
77ec852 to
fd784d0
Compare
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
from
fd784d0 to
6f8a5d4
Compare
| @@ -5,5 +5,7 @@ import: | |||
|
|
|||
| env: | |||
| global: | |||
| # require at minimum recipe 4.7 so that redux based toast notification are available | |||
| - REQUIRE_RECIPE="4.7.x-dev || " | |||
| - REQUIRE_RECIPE="4.x-dev" | |||
There was a problem hiding this comment.
It's still trying to test 4.7, 4.6 and 4.5 releases. That's preventing the builds from being 🟢
There was a problem hiding this comment.
I've tried changing this to use a different provision
There was a problem hiding this comment.
New provision worked, travis green
emteknetnz
force-pushed
the
pulls/1/revoke-one
branch
from
6f8a5d4 to
85d818c
Compare
Do we do that here? It's not an AC on the issue. This pull-request works with I'm just wondering if we need to reevaluate whether we even need to change the default value? Either way, should probably happen on a seperate PR since it's not an AC here? |
|
It was a pretty clear conclusion from silverstripe/silverstripe-framework#9794 (comment) Yes, we should have defined an AC for it. But if no one is arguing that this shouldn't happen is there much point spinning up a separate issue to manage the addition of 3 lines of YML? |
|
OK rereading the previous investigation it makes a bit more sense. Partially to help clarify my own understanding, I've spun up a new issue and brought into sprint (needs to happen) #65 - could you check that it's correct? PR for it should probably only take a few minutes. |
|
#65 looks good. Just make sure your YML section is named so people can use the |
|
Great ta will do. This PR should be good to merge now. I'll sort the YML PR now. |
Issue #46
Related
silverstripe/silverstripe-framework#9917