You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First, a user login gin-vue-admin in one page. Then the admin deletes or disables the user in another page. But the user is still able to do any operations inside gin-vue-admin. Notice that refreshing the page does not force users to login again.
We have comments for this situation in the JWT code. If necessary, you can open that comment yourself. Currently, it is only for the purpose of reducing database read and write, and this detection has not been done.
gin-vue-admin 版本
2.4.5
Node 版本
v14.16.0
Golang 版本
go 1.16
是否依旧存在
可以
bug描述
First, a user login gin-vue-admin in one page. Then the admin deletes or disables the user in another page. But the user is still able to do any operations inside gin-vue-admin. Notice that refreshing the page does not force users to login again.
We have report it on https://huntr.dev/bounties/49ee5f87-3e84-46ec-b8d3-8a57d4886db5/ 21days ago through [email protected] but do not receive feedback.
修改建议
invalid all the user session once the user is deleted.
The text was updated successfully, but these errors were encountered: