Skip to content

only clear the sessionToken for current account during sign out#20057

Closed
nshirley wants to merge 1 commit intomainfrom
fix/cached-signin
Closed

only clear the sessionToken for current account during sign out#20057
nshirley wants to merge 1 commit intomainfrom
fix/cached-signin

Conversation

@nshirley
Copy link
Contributor

@nshirley nshirley commented Feb 13, 2026

Because

This pull request

Issue that this pull request solves

Closes: (issue number)

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

Any other information that is important to this pull request.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 13, 2026
View reviewed changes
packages/fxa-settings/src/lib/cache.ts
// Clear the sessionToken from the account but keep the account data
// This allows the email to be cached for "cached signin" flow
if (uid && all[uid]) {
all[uid].sessionToken = undefined;

Check warning

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.
@nshirley nshirley closed this Feb 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nshirley