Forum OpenACS Improvement Proposals (TIPs): Re: TIP#124 Stack of procs executed next page request

Posted by Dave Bauer on
It seems simpler and less error prone to invalidate the cookies so the next time their login cookie is checked, it's invalid. All this requires is a token used to encode the cookie contents along with the time.

This is already EXACTLY how the code works:

if {$auth_token eq [sec_get_user_auth_token $untrusted_user_id]} {

It compares the auth token provided with the cookie with the user's current valid auth token. Invalidating the auth token will invalidate the cookies.
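
The scheme described in the post above, as an added Python sketch that is not part of the original post and not OpenACS code: a signed login cookie carries the user's auth token and issue time, and rotating the stored token rejects every cookie issued before the rotation. All names here, the HMAC-SHA256 signing and the in-memory token store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # signing secret (assumed: one per server)
MAX_AGE = 3600                        # seconds a login cookie stays valid
_user_tokens = {}                     # user_id -> current auth token (stand-in for a DB column)


def current_auth_token(user_id):
    """Return the user's current auth token, creating one on first use."""
    return _user_tokens.setdefault(user_id, secrets.token_hex(16))


def rotate_auth_token(user_id):
    """Invalidate every outstanding login cookie for this user only."""
    _user_tokens[user_id] = secrets.token_hex(16)


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id, now=None):
    issued = int(time.time() if now is None else now)
    payload = f"{user_id},{current_auth_token(user_id)},{issued}"
    return f"{payload},{_sign(payload)}"


def verify_cookie(cookie, now=None):
    """Return the user_id if the cookie is valid, else None."""
    now = time.time() if now is None else now
    payload, sep, sig = cookie.rpartition(",")
    if not sep or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None  # malformed or tampered
    parts = payload.split(",")
    if len(parts) != 3 or not parts[0].isdecimal() or not parts[2].isdecimal():
        return None
    untrusted_user_id, auth_token, issued = int(parts[0]), parts[1], int(parts[2])
    if now - issued > MAX_AGE:
        return None  # expired
    # Same comparison as the quoted line: cookie token vs. the user's current token.
    expected = current_auth_token(untrusted_user_id)
    if not hmac.compare_digest(auth_token.encode(), expected.encode()):
        return None  # token was rotated after this cookie was issued
    return untrusted_user_id
```
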