userman.web.authenticate() assumes no session data if not logged in #11

Open

opened

This function simply checks if req.session exists. This is not correct, as web applications may keep session data for non-authenticated visitors.

Metadata

Assignees

No one assigned

Labels

No labels

No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests