Please check if your issue has already been reported first!
When reporting a bug, please follow the template provided, otherwise the report will be declined. The information requested is vital to allow us to correctly reproduce and then fix what you are reporting.
When reporting a bug, please follow the template provided, otherwise the report will be declined. The information requested is vital to allow us to correctly reproduce and then fix what you are reporting.
The second iteration of 2v8 is now LIVE - find out more information here: https://forums.bhvr.com/dead-by-daylight/kb/articles/480-2v8-developer-update
Failure to invalidate session on password reset
akkuji
Member Posts: 1
Steps to Reproduce:
Browser 1: Log in to the account using valid credentials at https://account.bhvr.com. Browser 2: Initiate a password reset via the "Forgot Password" functionality. Browser 2: Complete the password reset, changing the account password. Browser 1: Wait for about 5-10 seconds, Or refresh the page. The session in Browser 1 is logged out, as expected. Browser 1: Press the browser's "Back" button or go to Previous page after logging out.
- Unexpected Behavior: Despite being logged out, you are able to access the full account, view sensitive information, and navigate through the account without needing to re-enter any credentials.
Expected Behavior:
Upon password reset, all existing sessions should be invalidated immediately. If the user presses the back button in any browser after being logged out, they should be redirected to the login page and prompted to enter valid credentials.
1