Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loginhash should invalidate after first login #4

Open
AndreasA opened this issue Nov 22, 2012 · 1 comment
Open

Loginhash should invalidate after first login #4

AndreasA opened this issue Nov 22, 2012 · 1 comment
Assignees
@petersooley

Comments

@AndreasA
Copy link

Hello,

personally I think that the login hash should invalidate after first login.
Furthermore the login hash should be removed from the URL after "authentication" because otherwise if I want to pass on the URL to a certain page to another user I end up copying the URL.
However, we need to be careful so that e.g. FlashMessages aren't lost.

Furthermore, user activiation should only be possible as long as a user is not activate (e.g. not in the validated group) - of course, that only works fine if validate and unvalidate group are different.
@zdavis
Copy link
Member

zdavis commented Nov 26, 2012

Andreas,

Ok, we'll take a look at this or, if you can, feel free to send us a pull request.

Zach

@ghost ghost assigned petersooley Nov 26, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petersooley petersooley

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zdavis @petersooley @AndreasA