We just deployed a security fix for a problem found by Gandalf.
Description of the problem:
After login the site is using a browser cookie to know that the member is authenticated. If the member is authenticated on more devices (let's say laptop and phone) and the member is changing its password on one of the devices the other device should logout the member so he can login again using the new password.
That was not happening and the member could continue his session on the other device until the browser cookie on that device expired.
What the bug-fix is doing:
When the member is changing his password on any device the other devices will detect the password change and the member will be logged-out on those devices so the member can login again using the new password.
We're looking for feedback from you, let us know if the fix is working as expected on your devices. If there are any issues we gonna investigate and resolve them.
Thank you Gandalf for finding the problem and helping out with the testing, much appreciated !
|"If you want to find the secrets of the universe, think in terms of energy, frequency and vibration."|