Cookie Session Not Expiring Even After Deleting the users in pyload/pyload
Jan 5th 2023
The session is not expiring in another browser if we delete the user.
Proof of Concept
- Create two users with an admin role for the POC
- Login in two different browsers Firefox (user A ) and Chrome (user B) respectively
- Go the settings->users and delete user B from user A Firefox browser
- User B cookie is still logged in in Chrome and can still access everything
Even after deleting the user he/she can create again the user for himself/herself, and can perform everything.