root: disable session_save_every_request as it overwrites the session with old data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2991
This commit is contained in:
Jens Langhammer
@ -15,10 +15,6 @@ slug: "2022.6"
|
||||
|
||||
Instead of creating a Notification with each transport, there is now a new Transport mode called "Local", which locally creates the Notifications. This also adds the ability to customize the notification using a mapping.
|
||||
|
||||
- Database-based sessions
|
||||
|
||||
Sessions have been migrated from the database, where as they previously were stored in the cache. This has a slight performance hit, however fixes random issues cause by non-atomic session changes.
|
||||
|
||||
- MFA Validation threshold has been migrated to signed cookies
|
||||
|
||||
Last MFA validation is now saved in a signed cookie, which changes the behavior so that only the current browser is affected by MFA validation, and an attacker cannot exploit the fact that a user has recently authenticated with MFA.
|
||||
|
||||
Reference in New Issue
Block a user