Contao has done incorrect session invalidation. It does not perform correct session invalidation for existing sessions when users update their passwords in frontend or backend.
CPE | Name | Operator | Version |
---|---|---|---|
contao/contao | le | 4.7.2 | |
contao/contao | le | 4.4.37 | |
contao/core-bundle | le | 4.7.2 | |
contao/core-bundle | le | 4.4.37 |