- ABP Framework version: v5.2.1
- UI Type: MVC
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
- Exception message and full stack trace:
- Steps to reproduce the issue:
-> When a user changes their own password, then other sessions of that user forcefully log out (this issue shows in the vulnerability tool report).
3 Answer(s)
-
0
hi
You can try to set ValidationInterval of SecurityStampValidatorOptions. The default is 30 minutes. If this value is too small, it may affect performance.
https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.securitystampvalidatoroptions.validationinterval?view=aspnetcore-8.0
-
0
Is there any other way? The portal is too slow when I put 1 minute.
I have to solve this because it shows as a vulnerability.
-
0
hi
There is no good solution, we can only periodically check in the request if the user has changed the password.
You can override the SecurityStampValidator.ValidatePrincipalAsync method to validate it yourself in other ways.
https://github.com/dotnet/aspnetcore/blob/release/8.0/src/Identity/Core/src/SecurityStampValidator.cs#L129-L163
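
One way to validate on every request without a database query each time, as an added example that is not part of the thread or of ABP's own code: a cookie OnValidatePrincipal handler that compares the cookie's security stamp with a cached copy of the user's current stamp. The class name, the StampCacheKey helper, the 30-minute cache lifetime and the single-node IMemoryCache are assumptions; a multi-node deployment would need a shared cache instead.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Wire-up (assumed): services.AddMemoryCache(); services.ConfigureApplicationCookie(o =>
//     o.Events.OnValidatePrincipal = CachedSecurityStampValidation<MyUser>.ValidateAsync);
// After a successful ChangePasswordAsync: cache.Remove(StampCacheKey(userId)), then RefreshSignInAsync.
public static class CachedSecurityStampValidation<TUser> where TUser : class
{
    public static string StampCacheKey(string userId) => "security-stamp:" + userId;

    public static async Task ValidateAsync(CookieValidatePrincipalContext context)
    {
        var principal = context.Principal;
        if (principal?.Identity?.IsAuthenticated != true) return;

        var services = context.HttpContext.RequestServices;
        var claimTypes = services.GetRequiredService<IOptions<IdentityOptions>>().Value.ClaimsIdentity;
        var userId = principal.FindFirstValue(claimTypes.UserIdClaimType);
        var cookieStamp = principal.FindFirstValue(claimTypes.SecurityStampClaimType);

        string? currentStamp = null;
        if (userId != null)
        {
            var cache = services.GetRequiredService<IMemoryCache>();
            currentStamp = await cache.GetOrCreateAsync(StampCacheKey(userId), async entry =>
            {
                // Cache miss: one store lookup, then served from memory until evicted or expired.
                entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(30);
                var users = services.GetRequiredService<UserManager<TUser>>();
                var user = await users.FindByIdAsync(userId);
                return user == null ? null : await users.GetSecurityStampAsync(user);
            });
        }

        // Fail closed: unknown user, missing claim, or a stamp that no longer matches.
        if (currentStamp == null || !string.Equals(cookieStamp, currentStamp, StringComparison.Ordinal))
        {
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(context.Scheme.Name);
        }
    }
}
```

Assigning this handler replaces whatever OnValidatePrincipal handler was set before it, so the interval-based principal refresh no longer runs for that cookie.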