Leo Hemsted a47672f7e3 Add current_session_id to the user model, update on login ...

when we change the last logged in time, set the current session id to
a random uuid

this way, we can compare it to the cookie a user has, and if they
differ then we can log them out

also update user.logged_in_at at 2FA rather than password check, since
that feels more accurate

2017-02-22 17:30:55 +00:00

558 B

Raw Blame History

View Raw