I am having this problem with Magento 2.3.0.
When the user logs into his account and adds products to the cart. Click on "Continue with payment", either on the cart page and in the Login / Register pop-up window. However, the user has already logged in. I disabled all my modules, tried different themes and it still happens.
I am trying to access a secure shell (SSH) on a Linux host on GoDaddy.com. I installed putty as recommended. Enter the hostname and port = 22. Then a window appears and they ask me to log in. I enter that and then they ask for my password. When I press return after entering the password, the window disappears. It is as if he had left.
Keep in mind that I'm new to this kind of thing. Please, provide as much information as you can for clarity.
As a beginner pentester, I was pentesting one of our applications and found that the cookies were not getting destroyed when a user log outs. The cookies did come with an expiration time and date.
What I checked:
Without logging in, I tried to access the URL that lies behind the login, but I felt that HTTP request with the cookie that I had noted down before logging out. I was able to access the page as if I am a logged in user. Later, I tried the same URL with the same cookie, but after the expiry time of the cookie and as expected, the URL threw to 403 forbidden error. Is this a normal practice? Or should I ask the app owners to destroy the cookie as soon as the user logs out regardless of cookie's expiry date?