Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
Unknown
Vulnerability Details
If an owner or an administrator clicks "Expire User Sessions" in Admin Site although you get the notification that all users where logged out, but this does not actually happens for the user that is currently logged in using the Shopify Application in IOS
This was tested on the latest Shopify app held in iTunes Store, using latest build of IOS 8.3 in iphone 6 plus
Thanks!
Actions
View on HackerOneReport Stats
- Report ID: 67220
- State: Closed
- Substate: resolved
- Upvotes: 2