Please check if your issue has already been reported first!

When reporting a bug, please follow the template provided, otherwise the report will be declined. The information requested is vital to allow us to correctly reproduce and then fix what you are reporting.
We have temporarily disabled Baermar Uraz's Ugly Sweater Cosmetic (all queues) due to issues affecting gameplay.

Visit the Kill Switch Master List for more information on this and other current known issues: https://forums.bhvr.com/dead-by-daylight/kb/articles/299-kill-switch-master-list
It's stats time! Sign up for our newsletter with your BHVR account by January 13 to receive your personalized 2024 Dead by Daylight stats!

Get all the details on our forums: https://forums.bhvr.com/dead-by-daylight/discussion/436478/sign-up-now-to-receive-a-recap-of-your-2024-dead-by-daylight-stats/p1?new=1

Failure to invalidate session on password reset

akkuji
akkuji Member Posts: 1
in Bug Reporting

Steps to Reproduce:

Browser 1: Log in to the account using valid credentials at https://account.bhvr.com.
Browser 2: Initiate a password reset via the "Forgot Password" functionality.
Browser 2: Complete the password reset, changing the account password.
Browser 1: Wait for about 5-10 seconds, Or refresh the page. The session in Browser 1 is logged out, as expected.
Browser 1: Press the browser's "Back" button or go to Previous page after logging out.
  1. Unexpected Behavior: Despite being logged out, you are able to access the full account, view sensitive information, and navigate through the account without needing to re-enter any credentials.
    Expected Behavior:
    Upon password reset, all existing sessions should be invalidated immediately. If the user presses the back button in any browser after being logged out, they should be redirected to the login page and prompted to enter valid credentials.

1
Up
1 votes

Pending · Last Updated