[Bug]: gin-vue-admin does not properly termine existing user sessions when the user was deleted or disabled #1324
Assignees
Labels
bug
Something isn't working
Comments
|
We have comments for this situation in the JWT code. If necessary, you can open that comment yourself. Currently, it is only for the purpose of reducing database read and write, and this detection has not been done. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
gin-vue-admin 版本
2.4.5
Node 版本
v14.16.0
Golang 版本
go 1.16
是否依旧存在
可以
bug描述
First, a user login gin-vue-admin in one page. Then the admin deletes or disables the user in another page. But the user is still able to do any operations inside gin-vue-admin. Notice that refreshing the page does not force users to login again.
We have report it on https://huntr.dev/bounties/49ee5f87-3e84-46ec-b8d3-8a57d4886db5/ 21days ago through [email protected] but do not receive feedback.
修改建议
invalid all the user session once the user is deleted.
The text was updated successfully, but these errors were encountered: