Skip to content

Clear session cookie on logout for better security#796

Merged
boomzero merged 3 commits intodevfrom
boomzero/secureLogout
May 3, 2025
Merged

Clear session cookie on logout for better security#796
boomzero merged 3 commits intodevfrom
boomzero/secureLogout

Conversation

@boomzero
Copy link
Member

@boomzero boomzero commented May 3, 2025
edited
Loading

What does this PR aim to accomplish?:

This pull request introduces a small but important change to the XMOJ.user.js script. It adds functionality to clear a specific cookie (PHPSESSID) when a user logs out.

How does this PR accomplish the above?:

  • XMOJ.user.js: Added a line to delete the PHPSESSID cookie by setting its expiration date to the past, ensuring the user's session is fully cleared during logout.

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributor's guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented on my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the GNU General Public License v3.0
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request can be closed at the will of the maintainer.
  9. I give this submission freely and claim no ownership to its content.
  • I have read the above and my PR is ready for review. Check this box to confirm

@boomzero
Clear session cookie on logout for better security
5787ba2 
Add a line to remove the PHPSESSID cookie when the user logs out, ensuring the session is properly terminated. This change enhances security by preventing potential session reuse.
@hendragon-bot hendragon-bot bot added the user-script This issue or pull request is related to the main user script label May 3, 2025
@boomzero boomzero requested a review from Copilot May 3, 2025 09:24
@github-actions github-actions bot force-pushed the boomzero/secureLogout branch from 8238ec7 to 38c18ff Compare May 3, 2025 09:24
Copilot AI reviewed May 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves logout security by ensuring that the user's PHP session cookie is explicitly cleared during logout.

  • It adds a line in XMOJ.user.js to expire the PHPSESSID cookie when the logout button is clicked.

@boomzero boomzero merged commit 506378a into dev May 3, 2025
3 checks passed
@boomzero boomzero deleted the boomzero/secureLogout branch May 3, 2025 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

size/S user-script This issue or pull request is related to the main user script

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@boomzero