Commit Graph

2 Commits

Author: James
SHA1: 5ebf9925ed
Date: 2026-03-23 00:35:36 -04:00
Message:
TASK-018: Fix session management vulnerabilities
- Store session tokens server-side on login (was: generated but not stored)
- Add /api/v1/auth/logout endpoint for server-side session invalidation
- Delete old sessions on login to prevent session fixation attacks
- Add Cache-Control: no-store headers to all auth responses

Security fixes:
1. Session identifiers now rotated on login (old sessions deleted)
2. Logout properly invalidates server-side session
3. Auth responses include anti-caching headers

Author: Johan
SHA1: 94946baf00
Date: 2026-02-01 02:43:27 -05:00
Message:
Initial commit