This repository was archived by the owner on Feb 19, 2025. It is now read-only.
Protect SessionManagement page in the same way as the Diagnostics page #11
Comments
This was referenced Sep 23, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Right now every authenticated user can list all sessions and remove them. It has to be obvious that something extra has to be done to protect it.
The text was updated successfully, but these errors were encountered: