  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2007

    invalidate a cookie on password change

    I use cookies to manage user sessions in my Rails app. I recently found that when a user changes the password, the cookie does not get invalidated as expected. As you realize, this could be a great threat to security. How should I handle this problem? I want to expire or invalidate a cookie once the user changes the password. How do I do this in Rails? Thanks.

  2. #2
    Team ********* Louis Simoneau
    Join Date
    Sep 2009
    Melbourne, Australia
    Are you using a plugin or gem (if so, which one) for authentication, or did you roll your own? How are you setting the cookie in the first place? Depending on what your current setup is, a simple solution would be to invalidate the cookie in your user update controller method if a new password is being provided.
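
One way to do the invalidation suggested above, as an added example that is not part of the original thread: the cookie carries a per-user session token, and the password-change path rotates that token on the server, so every copy of the old cookie stops authenticating, not only the one in the browser that made the change. It is plain Ruby on the standard library; `User`, `session_token`, `SECRET` and the method names are hypothetical, and PBKDF2 stands in for whatever password hashing the app already uses.

```ruby
require "openssl"
require "securerandom"

SECRET = SecureRandom.hex(32) # assumption: server-side cookie signing key
User = Struct.new(:id, :salt, :password_hash, :session_token)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
end

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Cookie value set at login: user id and current session token, signed.
def issue_cookie(user)
  payload = "#{user.id}:#{user.session_token}"
  "#{payload}:#{sign(payload)}"
end

# Run on every request: returns the user, or nil if the cookie is forged or stale.
def authenticate(cookie, users)
  id, token, mac = cookie.to_s.split(":", 3)
  return nil unless id && token && mac
  return nil unless secure_equal?(mac, sign("#{id}:#{token}"))
  user = users[id.to_i]
  return nil unless user && secure_equal?(token, user.session_token)
  user
end

# The user update path: store the new password and rotate the session token.
def change_password(user, new_password)
  user.salt = SecureRandom.random_bytes(16)
  user.password_hash = hash_password(new_password, user.salt)
  user.session_token = SecureRandom.hex(16) # older cookies no longer match
  issue_cookie(user) # fresh cookie for the browser that made the change
end

def demo # constructed data: an old cookie copy vs. the freshly issued one
  users = {}
  user = users[1] = User.new(1, nil, nil, SecureRandom.hex(16))
  old_copy = issue_cookie(user)
  fresh = change_password(user, "new passphrase")
  [authenticate(old_copy, users).nil?, authenticate(fresh, users).equal?(user)]
end
```
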
