antoniop
committed
on 12 Jan 21
Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change thei… Show more
Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change their password) so that all devices need to log in again

the test exposes a long standing regression (~17 years) where this was broken in order to support persistent login. See e.g. https://openacs.org/forums/message-view?message_id=1691183#msg_1691183

Show less