Also, thanks to @cyclotron3k not just for the Android app, but for helping to find bugs that are really old.
Today's one is that logging out worked well in browsers but wasn't deleting server side tokens... meaning if a token got leaked and you logged out, the token could still be used in future. I've gone and purged from the database tokens that haven't been seen for a while, but also fixed the bug such that logging out now prunes tokens correctly from the database as well as the browser / client.
Also, thanks to @cyclotron3k not just for the Android app, but for helping to find bugs that are really old.
Today's one is that logging out worked well in browsers but wasn't deleting server side tokens... meaning if a token got leaked and you logged out, the token could still be used in future. I've gone and purged from the database tokens that haven't been seen for a while, but also fixed the bug such that logging out now prunes tokens correctly from the database as well as the browser / client.