Invalidate Cookies Server-Side #3762
Labels
Area-Security: This issue is related to security features.
enhancement: New feature or request
P3 - medium: Medium impact issue.
PowerShell Universal: Issue relates to PowerShell Universal.
Size - M: This issue is a medium amount of work.
support ticket: This issue was the result of a support ticket. Support tickets receive priority.
Summary of the new feature / enhancement
Currently, cookies are issued by the server and when the cookie times out, then it is no longer valid. If a user logs out, it causes the cookie to be deleted on the client side but the cookie value is actually still valid. It would be possible to save the cookie value, log out, and then recreate the cookie with the value to sign in again.
We should have some server-side validation of cookies to prevent this from happening. This was found in an external security audit.
Proposed technical implementation details (optional)
No response
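An added sketch of the check this issue asks for, not PowerShell Universal's code: a signed cookie validated only by signature and timeout is compared with one that must also match a server-side session record, which logout deletes. The cookie layout (`user|session id|expiry|HMAC`), the in-memory store and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for this demo
active_sessions = {}                  # session id -> expiry, kept on the server

def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user: str, ttl: int = 3600) -> str:
    """Log in: record the session server-side and return the signed cookie value."""
    sid = secrets.token_urlsafe(16)
    expires = int(time.time()) + ttl
    active_sessions[sid] = expires
    payload = f"{user}|{sid}|{expires}"
    return f"{payload}|{_sign(payload)}"

def _parse(cookie: str):
    """Return (user, sid) if the signature is valid and the cookie has not timed out."""
    payload, _, sig = cookie.rpartition("|")
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    parts = payload.split("|")
    if len(parts) != 3 or int(parts[2]) < time.time():
        return None
    return parts[0], parts[1]

def validate_stateless(cookie: str):
    """Behaviour described in the issue: only signature and timeout are checked."""
    parsed = _parse(cookie)
    return parsed[0] if parsed else None

def validate_server_side(cookie: str):
    """Requested behaviour: the session must also still exist on the server."""
    parsed = _parse(cookie)
    if parsed is None or parsed[1] not in active_sessions:
        return None
    return parsed[0]

def logout(cookie: str) -> None:
    """Log out: drop the server-side record so a saved cookie value is rejected."""
    parsed = _parse(cookie)
    if parsed:
        active_sessions.pop(parsed[1], None)
```

In a multi-node deployment the session store would need to be shared between servers, and entries past their expiry can be purged on a timer.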