Replies: 1 comment 1 reply
- This is a massive security hole unfortunately. When signing out, there should no longer be a token with PII installed inside it in a cookie. This means that anyone accessing a nextauth secured site from a public computer cannot rely on signout to remove their information.
- The site is open source, any fix would be greatly appreciated. I'll keep this updated if I fix the issue, please @ me for anything.
Repo: https://github.com/habbofun/hfun-battleball-leaderboard
Important files:
https://github.com/habbofun/hfun-battleball-leaderboard/blob/master/src/hooks/use-current-user.ts
https://github.com/habbofun/hfun-battleball-leaderboard/blob/master/src/server/auth.config.ts
https://github.com/habbofun/hfun-battleball-leaderboard/blob/master/src/app/(protected)/settings/page.tsx
https://github.com/habbofun/hfun-battleball-leaderboard/blob/master/src/components/auth/login/login-form.tsx
Also found out it's not just between login/logout: if I update my database from Prisma Studio, I have to re-login to see the changes.
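Both comments describe the same root cause: with a JWT session strategy, whatever profile fields are copied into the token at sign-in live in the browser cookie until the token is re-issued, so database edits are invisible and the cookie itself carries PII. The example below is added here and is not code from the hfun-battleball-leaderboard repo or from NextAuth; it models the two session designs with a small HMAC-signed token, a constructed in-memory user table and a constructed cookie jar (all assumptions for the demo) to show why the "thin" token pattern avoids both problems, and what a sign-out response must do for a stateless token.

```typescript
// Added example (not the project's or NextAuth's own code).
// Assumptions: a constructed user table, a demo secret and a toy cookie jar.
import { createHmac, timingSafeEqual } from "node:crypto";

const SECRET = "demo-secret-do-not-use"; // constructed for the demo
type User = { id: string; email: string; name: string };
const usersDb = new Map<string, User>([
  ["u1", { id: "u1", email: "alice@example.test", name: "Alice" }], // constructed
]);
function updateUserName(id: string, name: string): void {
  const u = usersDb.get(id);
  if (u) usersDb.set(id, { ...u, name }); // stands in for an edit in Prisma Studio
}

// Compact signed token "body.sig"; body is base64url JSON, sig is HMAC-SHA256.
function signToken(claims: Record<string, unknown>): string {
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = createHmac("sha256", SECRET).update(body).digest("base64url");
  return `${body}.${sig}`;
}
function verifyToken(token: string): Record<string, unknown> | null {
  const [body, sig] = token.split(".");
  if (!body || !sig) return null;
  const expected = createHmac("sha256", SECRET).update(body).digest("base64url");
  const a = Buffer.from(sig), b = Buffer.from(expected);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null; // tampered
  return JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
}

// Pattern A (the problem): profile fields are copied into the token at sign-in.
// The cookie now holds PII, and it keeps returning the sign-in-time snapshot
// no matter what changes in the database.
function signInFat(userId: string): string {
  const u = usersDb.get(userId)!;
  return signToken({ sub: u.id, email: u.email, name: u.name });
}
function currentUserFat(token: string) {
  const c = verifyToken(token);
  return c ? { id: c.sub, email: c.email, name: c.name } : null;
}

// Pattern B (the fix): the token carries only the subject id; everything else
// is read from the database on each request, so edits show up immediately and
// the cookie contains no PII.
function signInThin(userId: string): string {
  return signToken({ sub: userId });
}
function currentUserThin(token: string): User | null {
  const c = verifyToken(token);
  if (!c || typeof c.sub !== "string") return null;
  return usersDb.get(c.sub) ?? null; // null if the account was deleted
}

// Sign-out: a stateless token cannot be revoked server-side, so the response
// must tell the browser to drop the cookie (empty value, Max-Age=0).
function signOutCookie(name = "session"): string {
  return `${name}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`;
}

// Toy cookie jar applying a Set-Cookie header the way a browser would for
// the attributes used here (constructed for the demo).
function applySetCookie(jar: Map<string, string>, header: string): void {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq), value = pair.slice(eq + 1);
  const maxAge = attrs.find((a) => a.toLowerCase().startsWith("max-age="));
  if (maxAge && Number(maxAge.slice(8)) <= 0) { jar.delete(name); return; }
  jar.set(name, value);
}

// Stand-alone walkthrough.
const fat = signInFat("u1"), thin = signInThin("u1");
updateUserName("u1", "Alicia");
console.log("fat token still says:", currentUserFat(fat)?.name);   // Alice (stale)
console.log("thin token now says:", currentUserThin(thin)?.name);   // Alicia
const jar = new Map<string, string>();
applySetCookie(jar, `session=${thin}; Path=/; HttpOnly`);
applySetCookie(jar, signOutCookie());
console.log("cookie present after sign-out:", jar.has("session")); // false
```

In NextAuth terms, pattern B corresponds to keeping the `jwt` callback's token minimal and resolving the user in the `session` callback (or in a server-side helper) from the database rather than from token claims; the sign-out header is what a correct sign-out response has to emit regardless of which pattern is used.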