We have implemented a session which is stored in the database and an auto-login feature which uses Yii's internal functionality. The current problem is a vulnerability: when you export a cookie using the EditThisCookie Chrome plugin and then log out of that user, importing that cookie and hitting refresh will re-create the session in the database and log you in as if you were logged in. We use a 30-day expiration for the remembered authentication.
Isn’t this a security concern, and what are the alternative ways to fix this vulnerability?
I’ve read another thread related to this, but it was 3 years ago, so I'm hoping that somebody can make this clear.
We are actually not storing any sensitive data using setState. They are just used for display purposes but the fact that I’m able to re-use the exported cookies after logout is just making us worry.
The values stored using setState were only used to display the email and name on the common layout and other stuff like that.
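
One way to close the replay described above, as an added example (not code from the post or from Yii): bind the remember-me cookie to a random token kept server-side and delete that token on logout. The class and method names are hypothetical, the key is a constructed sample, and an in-memory array stands in for the user table; in Yii 1.1 the equivalent check belongs in an override of `CWebUser::beforeLogin()` for cookie-based logins.

```php
<?php
// Added illustration; names are hypothetical. Requires PHP 8.0+.
final class RememberMeStore
{
    /** @var array<int,string> userId => sha256 of the current token (stand-in for a DB column) */
    private array $tokenHashes = [];

    public function __construct(private string $hmacKey) {}

    // "Remember me" login: mint a random token and keep only its hash server-side.
    public function issueCookie(int $userId): string
    {
        $token = bin2hex(random_bytes(32));
        $this->tokenHashes[$userId] = hash('sha256', $token);
        $payload = $userId . ':' . $token;
        return $payload . ':' . hash_hmac('sha256', $payload, $this->hmacKey);
    }

    // Signature-only check: proves the server issued the cookie, not that it is still wanted.
    // An exported copy keeps passing this after logout until the cookie expires.
    public function signatureValid(string $cookie): bool
    {
        $parts = explode(':', $cookie);
        if (count($parts) !== 3) {
            return false;
        }
        [$id, $token, $mac] = $parts;
        return hash_equals(hash_hmac('sha256', $id . ':' . $token, $this->hmacKey), $mac);
    }

    // Stateful check: the signature must verify AND the token must match the stored record.
    public function autoLogin(string $cookie): ?int
    {
        if (!$this->signatureValid($cookie)) {
            return null;
        }
        [$id, $token] = explode(':', $cookie);
        $stored = $this->tokenHashes[(int) $id] ?? null;
        if ($stored === null || !hash_equals($stored, hash('sha256', $token))) {
            return null;
        }
        return (int) $id;
    }

    // Logout: remove the server-side record so every exported copy of the cookie stops working.
    public function logout(int $userId): void
    {
        unset($this->tokenHashes[$userId]);
    }
}

$store = new RememberMeStore('constructed-demo-key');
$exported = $store->issueCookie(42);          // copy taken with a cookie editor
$store->logout(42);
var_dump($store->signatureValid($exported), $store->autoLogin($exported));
```

Issuing a fresh token on each successful auto-login as well narrows the window in which a copied cookie is usable while the user stays logged in.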