  1. #1
    SitePoint Enthusiast (Join Date: Jan 2007; Posts: 25)

    invalidate a cookie on password change

    I use cookies to manage user sessions in my Rails app. I recently found that when a user changes the password, the cookie does not get invalidated as expected. As you realize, this could be a great threat to security. How should I handle this problem? I want to expire or invalidate a cookie once the user changes the password. How do I do this in Rails? Thanks.

  2. #2
    Team ********* Louis Simoneau (Join Date: Sep 2009; Location: Melbourne, Australia; Posts: 228)

    Are you using a plugin or gem (if so, which one) for authentication, or did you roll your own? How are you setting the cookie in the first place? Depending on what your current setup is, a simple solution would be to invalidate the cookie in your user update controller method if a new password is being provided.
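
Added example (not part of either post, and not code from any authentication gem): one way to make a password change invalidate the session cookie on every device is to bind the cookie to a per-user session token stored server-side and rotate that token when the password changes. It is plain Ruby so it runs outside Rails; `SERVER_SECRET`, `User`, `USERS`, `session_token` and the function names are hypothetical stand-ins for the app's signing secret, model and controller code.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-ins (assumptions, not from the thread): SERVER_SECRET plays
# the role of the app's cookie-signing secret, USERS the role of the users table.
SERVER_SECRET = SecureRandom.hex(32)
User = Struct.new(:id, :password_digest, :session_token)
USERS = {}

def sign(payload)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SERVER_SECRET, payload)
end

# Constant-time comparison so a mismatch does not leak where it occurred.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Cookie issued at login: "<user id>.<per-user session token>.<HMAC>".
def issue_cookie(user)
  payload = "#{user.id}.#{user.session_token}"
  "#{payload}.#{sign(payload)}"
end

# Returns the user for a valid cookie, nil for a forged or stale one.
def authenticate(cookie)
  id, token, mac = cookie.to_s.split(".", 3)
  return nil unless id && token && mac
  return nil unless secure_equal?(mac, sign("#{id}.#{token}"))
  user = USERS[id.to_i]
  user if user && secure_equal?(token, user.session_token)
end

# Password hashing is out of scope: the caller passes an already-hashed value.
def change_password(user, new_password_digest)
  user.password_digest = new_password_digest
  user.session_token = SecureRandom.hex(32) # cookies issued earlier stop matching
  issue_cookie(user)                        # fresh cookie for the current browser
end

# Two devices logged in, then the password is changed from one of them.
def demo
  user = USERS[1] = User.new(1, "constructed-old-digest", SecureRandom.hex(32))
  laptop, phone = issue_cookie(user), issue_cookie(user)
  fresh = change_password(user, "constructed-new-digest")
  [authenticate(laptop), authenticate(phone), authenticate(fresh)]
end
```

Deleting the cookie only in the controller response clears it in the browser that made the request; the server-side token check is what rejects copies held elsewhere.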

