node.js - Node Express Session revocation on re-issue? -
using node v12, express 4, , connect-pg-simple
during our security evaluation discovered if user logs in successfully, , logs in again successfully, prior session remains valid.
i'd second login revoke first session. failure means user can logged-in in 2 different browsers.
Comments
Post a Comment