Actions
Bug #21945
closedDuring upgrade session and cache should be deleted
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Upgrades
Target version:
-
Description
During upgrade, we should consider deleting cache and session store. We haven't seen issues so far, but theoretically we could remove some permissions and these are being cached. After upgrade, user session are still valid including cache, this could possibly lead to security incident.
Updated by Marek Hulán over 6 years ago
I think that makes sense, although the risk is quite small. The cache would result in seeing menus that won't be accessible, permission check should catch this. If the migration has impact on roles, again, it should have immediate impact. But I can see the issue if the upgrade changes sessions themselves. The inconvenience of logging again after upgrade is small, so +1 from me.
Actions