Files
notifications-admin/app/notify_client/user_api_client.py
Rebecca Law 937c9f2adc Ensure that the session is logged out server side, not just client side.
Anytime a user clicks "sign out" we should be signing them out server side as well. This can be accomplished by setting the Users.current_session_id = null.
I found that the method User.logged_in_elsewhere doesn't need to check if the current_session_id is None. The current_session_ids in the cookie and db (redis or postgres) then the user should be forced to log in again.
2020-02-03 12:24:02 +00:00

6.8 KiB