Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalidate Cookies Server-Side #3762

Open
adamdriscoll opened this issue Sep 15, 2024 · 0 comments
Open

Invalidate Cookies Server-Side #3762

adamdriscoll opened this issue Sep 15, 2024 · 0 comments
Labels
Area-Security This issue is related to security features. enhancement New feature or request P3 - medium Medium impact issue. PowerShell Universal Issue relates to PowerShell Universal. Size - M This issue is a medium amount of work. support ticket This issue was the result of a support ticket. Support tickets receive priority.

Comments

@adamdriscoll
Copy link
Member

Summary of the new feature / enhancement

Currently, cookies are issued by the server and when the cookie times out, then it is no longer valid. If a user logs out, it causes the cookie to be deleted on the client-side but the cookie value is actually still valid. It would be possible to save the cookie value, logout, and then recreate the cookie with the value to sign in again.

We should have some server side validation of cookies to prevent this from happening. This was found in an external security audit.

Proposed technical implementation details (optional)

No response
@adamdriscoll adamdriscoll added enhancement New feature or request PowerShell Universal Issue relates to PowerShell Universal. support ticket This issue was the result of a support ticket. Support tickets receive priority. Area-Security This issue is related to security features. P3 - medium Medium impact issue. Size - M This issue is a medium amount of work. labels Sep 15, 2024
@adamdriscoll adamdriscoll modified the milestone: 5.0.8 Sep 15, 2024
@adamdriscoll adamdriscoll mentioned this issue Sep 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area-Security This issue is related to security features. enhancement New feature or request P3 - medium Medium impact issue. PowerShell Universal Issue relates to PowerShell Universal. Size - M This issue is a medium amount of work. support ticket This issue was the result of a support ticket. Support tickets receive priority.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adamdriscoll