Closed
Bug 836407
Opened 11 years ago
Closed 11 years ago
Remove Bango cookie when new user logs into pay flow
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
2013-02-14
People
(Reporter: kumar, Assigned: kumar)
References
Details
(Whiteboard: p=)
Since the Bango cookie is tied to device and a cookie allows repeat purchases, one simple security fix we can do is tell Bango "a new user has logged in" so that they can disregard and delete their cookie. This is important for the case of resetting a PIN which requires users to re-authenticate (bug 822491).
Assignee | ||
Comment 1•11 years ago
|
||
What is the best way to do this? Maybe we can use a new billing config API option?
Updated•11 years ago
|
Assignee: sruston → keir
Comment 2•11 years ago
|
||
The other reason I can think why this might not be a good idea is if somehow the users can back button to a pre existing billing config id after logging out? We could expose a url like http://mozbango/mozpayments/logout which you could make a GET to in the cb of your log out?
Assignee | ||
Comment 3•11 years ago
|
||
Yeah, the logout URL would cover this situation better. Let's do that. Thanks.
Updated•11 years ago
|
Version: 1.0 → 1.1
Updated•11 years ago
|
Whiteboard: p=
Comment 4•11 years ago
|
||
(In reply to Kumar McMillan [:kumar] from comment #3) > Yeah, the logout URL would cover this situation better. Let's do that. > Thanks. Now available at http://mozilla.test.bango.org/mozpayments/logout/
Assignee | ||
Comment 5•11 years ago
|
||
Awesome, thanks! I assume that a 200 http response we get from this means it worked? I will integrate this into the various webpay logout flows.
Assignee: keir → kumar.mcmillan
Target Milestone: --- → 2013-02-14
Assignee | ||
Comment 6•11 years ago
|
||
Here is a logout for the reset PIN flow https://github.com/mozilla/webpay/commit/b0e6085f676d601a1122a3ee2b4516d9b7007672
Assignee | ||
Comment 7•11 years ago
|
||
Fixed https://github.com/mozilla/webpay/commit/f54be58ff575f27414027d064383634fbaeac9b5
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•