Session Fixation in tsolucio/corebos
Valid
Oct 18th 2021
I created a user with the username test, then I logged in with
At the same time, in another session, I deleted the user test as an admin.
But the user test, who had already logged in before the admin deleted it, is still able to do anything that he could do before.
You should kick out users after deleting them and expire their current sessions.
I noticed that there is an option that lets admins log out users, but this is not accepted when an admin deletes a user; after that, the user is still able to do anything that he could before.
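
The behaviour reported above and the requested fix, as an added example that is not corebos code and not part of the original report. It is a minimal in-memory session store (all class and function names are hypothetical) in which deleting a user either leaves that user's live sessions valid or revokes them.

```python
import secrets


class SessionStore:
    """In-memory stand-in for an application's users and server-side sessions."""

    def __init__(self, revoke_on_delete):
        self.revoke_on_delete = revoke_on_delete
        self.users = set()
        self.sessions = {}  # session id -> username

    def create_user(self, username):
        self.users.add(username)

    def login(self, username):
        if username not in self.users:
            raise PermissionError("unknown user")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def delete_user(self, username):
        self.users.discard(username)
        if self.revoke_on_delete:
            # Expire every session that belongs to the deleted account.
            for sid in [s for s, u in self.sessions.items() if u == username]:
                del self.sessions[sid]

    def authorize(self, sid):
        """Return the username for a request, or None if it must be rejected."""
        username = self.sessions.get(sid)
        if username is None:
            return None
        if self.revoke_on_delete and username not in self.users:
            # Defence in depth: re-check that the account still exists.
            self.sessions.pop(sid, None)
            return None
        return username


def session_survives_deletion(revoke_on_delete):
    """Replay the report's steps; True means the old session still works."""
    store = SessionStore(revoke_on_delete)
    store.create_user("test")        # constructed sample account
    sid = store.login("test")
    store.delete_user("test")        # admin action from another session
    return store.authorize(sid) is not None
```

With `revoke_on_delete=False` the session outlives the account, which is the reported behaviour; with `True` the first request after deletion is rejected.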