
Failure to invalidate session on password reset

akkuji Member Posts: 1

Steps to Reproduce:

1. Browser 1: Log in to the account using valid credentials at https://account.bhvr.com.
2. Browser 2: Initiate a password reset via the "Forgot Password" functionality.
3. Browser 2: Complete the password reset, changing the account password.
4. Browser 1: Wait for about 5-10 seconds, or refresh the page. The session in Browser 1 is logged out, as expected.
5. Browser 1: Press the browser's "Back" button or go to the previous page after logging out.

Unexpected Behavior: Despite being logged out, you are able to access the full account, view sensitive information, and navigate through the account without needing to re-enter any credentials.

Expected Behavior: Upon password reset, all existing sessions should be invalidated immediately. If the user presses the back button in any browser after being logged out, they should be redirected to the login page and prompted to enter valid credentials.
1 votes

Pending · Last Updated
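
A minimal sketch of the expected behaviour described in the report, added here as an illustration and not taken from the original post or from the site's own code: a password reset revokes every earlier session server-side, and account pages are served with `no-store` so a Back navigation is re-checked against the server. `SessionStore`, `handle_account_page`, the `/account` and `/login` routes and the cookie name are all hypothetical.

```python
import secrets

# Response headers for authenticated pages: the browser must not keep a copy,
# so a Back navigation has to ask the server again.
NO_STORE = {"Cache-Control": "no-store", "Pragma": "no-cache"}
CLEAR_COOKIE = "session=; Max-Age=0; Path=/; Secure; HttpOnly"

class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self):
        self._sessions = {}    # token -> (user, credential generation at login)
        self._generation = {}  # user -> current credential generation

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._generation.setdefault(user, 0))
        return token

    def reset_password(self, user):
        # Bumping the generation revokes every session issued before the reset,
        # in every browser, without having to enumerate them.
        self._generation[user] = self._generation.get(user, 0) + 1

    def user_for(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, generation = entry
        if generation != self._generation.get(user):
            del self._sessions[token]  # stale: issued before the last reset
            return None
        return user

def handle_account_page(store, token):
    """Return (status, headers, body) for GET /account (hypothetical route)."""
    user = store.user_for(token)
    if user is None:
        headers = {**NO_STORE, "Location": "/login", "Set-Cookie": CLEAR_COOKIE}
        return 302, headers, ""
    return 200, dict(NO_STORE), f"account page for {user}"
```

The check runs on every request, so the old token from Browser 1 fails whether the page is refreshed, revisited with Back, or requested directly.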