Node Express Session revocation on re-issue?

114 views Asked by At

Using node v12, Express 4, and connect-pg-simple

During our security evaluation is was discovered that if a user logs in successfully, and logs in again successfully, that the prior session remains valid.

I'd like for the second login to revoke the first session. Failure to do so means the user can be logged-in in two different browsers.

0

There are 0 answers