Security Issue: Saved sessions for banned users

ajkochanowicz

We've recently discovered that while a banned user is not allowed to login, (s)he can still visit the direct link to his/her profile and post there, which of course shows up in the activity feed. I'm guess this is because their session is still open. Is this a known issue? Thanks.

Linc

I'm not aware of that issue being reported previously. I'm in GitHub anyway so I filed it: https://github.com/vanillaforums/Garden/issues/issue/643

Thanks!

Linc

I cannot reproduce this issue.

Linc

Are you sure this wasn't just close timing? When I tried to post from 1 browser after getting banned in the other, I was instantly locked out.

cdavid

Or maybe a cache problem?

Tim

I think this was an issue in Vanilla 1... are you sure you're using Vanilla 2?