GDPR5 #1411

Merged
merged 1 commit into from
Jun 11, 2018

@Martii (Member) commented Jun 11, 2018

  • Destroy session instead of just blanking out the User object (and cookie) *confused as to why this was done but pre-me effectively joining I think*
  • This is another session leak discovered last week and is our current orphan from Fill out active session info a little more #1409... will clean up in a while
  • One comment typo that's been elusive every time I want to fix it... post STYLEGUIDE.md compliance as well with aCb

NOTES:

  • Now satisfied with "logout" destroy as it seems to be working well every test... so removed fallback
  • "There... is... another... *gasp*" * Yoda (working on twiddling to create a fix for it)

Related to #604 #1201 and #1393


Just a further note... blanking out the _expires the way it was keeps the session up to the max mongodb age (last check timeout was ~2 weeks... we don't need that... just kill the sessions)

Historical refs:


Cleansed orphan

* Destroy session instead of just blanking out the User object \*confused as to why this was done but pre-me joining\*
* This is another session leak discovered last week and is our current orphan from OpenUserJS#1409... will clean up in a while
* One comment typo that's been elusive every time I want to fix it

NOTES:
* Now satisfied with "logout" destroy as it seems to be working well every test... so removed fallback
* "There... is... another... \*gasp\*" * Yoda *(working on twiddling to create a fix for it)*

Related to OpenUserJS#604 OpenUserJS#1201 and OpenUserJS#1393
@Martii added the labels bug, security, DB and CODE on Jun 11, 2018
@Martii merged commit d58b8f8 into OpenUserJS:master Jun 11, 2018
@Martii deleted the removeEnhancement branch June 11, 2018 06:02
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Jun 12, 2018
* Use very short session before successful auth. Session "bleeding" briefly mentioned at OpenUserJS#1411 . This is "expanded" after successful auth.
* Output `originalMaxAge` for sync check in *express-session* via MongoDB
* Don't easily expose improper/expired callbacks. Part of OpenUserJS#37
* Remove some currently unneeded `return` statements already captured by block braces

Related to OpenUserJS#604 OpenUserJS#1201 OpenUserJS#1202 and OpenUserJS#1393
@Martii Martii mentioned this pull request Jun 12, 2018
Martii added a commit that referenced this pull request Jun 12, 2018
* Use very short session before successful auth. Session "bleeding" briefly mentioned at #1411 . This is "expanded" after successful auth.
* Output `originalMaxAge` for sync check in *express-session* via MongoDB
* Don't easily expose improper/expired callbacks. Part of #37
* Remove some currently unneeded `return` statements already captured by block braces

Related to #604 #1201 #1202 and #1393 

Auto-merge
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 5, 2021
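
The difference between blanking the user on logout and destroying the session, together with the short pre-auth lifetime from the follow-up commit, shown as an added example that is not OpenUserJS code. A `Map` stands in for the MongoDB-backed store; the class, its method names and the `PRE_AUTH_TTL` value are assumptions made for illustration.

```javascript
// Added illustration, not project code. A Map stands in for the session store.
const MIN = 60 * 1000;
const PRE_AUTH_TTL = 5 * MIN;          // assumed value: short life before login
const AUTH_TTL = 14 * 24 * 60 * MIN;   // ~2 weeks, the store maximum the PR mentions

class SessionStore {                   // hypothetical model of a server-side store
  constructor() { this.records = new Map(); }

  create(sid, now) {
    this.records.set(sid, { user: null, expires: now + PRE_AUTH_TTL });
  }

  login(sid, user, now) {
    const rec = this.records.get(sid);
    if (!rec || rec.expires <= now) return false;
    rec.user = user;
    rec.expires = now + AUTH_TTL;      // "expanded" only after successful auth
    return true;
  }

  // Old behaviour: blank the user but leave the record in the store.
  logoutByBlanking(sid) {
    const rec = this.records.get(sid);
    if (rec) rec.user = null;
  }

  // New behaviour: remove the record outright.
  logoutByDestroy(sid) { this.records.delete(sid); }

  // Drop expired records, then report what is still held server-side.
  liveSessions(now) {
    for (const [sid, rec] of this.records) {
      if (rec.expires <= now) this.records.delete(sid);
    }
    return [...this.records.keys()];
  }
}

function demo() {
  const t0 = 0;
  const store = new SessionStore();
  for (const sid of ['a', 'b', 'c']) store.create(sid, t0);  // constructed ids
  store.login('a', 'alice', t0);
  store.login('b', 'bob', t0);
  store.logoutByBlanking('a');   // orphan: no user, still two weeks to live
  store.logoutByDestroy('b');    // gone immediately
  return {
    afterLogout: store.liveSessions(t0 + MIN),          // ['a', 'c']
    afterPreAuthTtl: store.liveSessions(t0 + 6 * MIN),  // ['a']
    afterMaxAge: store.liveSessions(t0 + AUTH_TTL),     // []
  };
}
```

Session `a` is the orphan case: it carries no user after logout, yet its record stays in the store until the full authenticated lifetime runs out, while the never-authenticated session `c` ages out within minutes.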