Session not invalid after changing e mail OR password

Gary Kramlich grim at
Fri Oct 11 20:13:30 EDT 2019

On Sat, Sep 28, 2019 at 4:59 PM <hassan.jawaid012 at> wrote:
> Hi there,
> I found broken session bug on your website. Your website is unable to validate the session. That may lead takeover victims account.
> Reproduce:
> 1. Go to and log into your account from two different browsers.
> 2. Now change (PASSWORD OR EMAIL) from any browser you already logged in
> 3. You will be still logged into another browser.
> Kindly fix this issue.

We are in the process of replacing trac which will make this issue invalid.

> Thx,


Gary Kramlich <grim at>

More information about the security mailing list