If any GitHubbers are listening, please require credentials to revoke a session. Imagine the scenario in which a bad actor gets one of my session cookies - he can then hit this page, invalidate all of my sessions, and then aggressively use this page to keep me logged out of any new sessions, effectively locking me out of my account and preventing me from kicking him out.
Requiring authentication to revoke a session would fix that handily (or just make new sessions immune to revocation for 5 minutes or something)
That said, :thumbsup: on this. I really like having this kind of information available.
Requiring authentication to revoke a session would fix that handily (or just make new sessions immune to revocation for 5 minutes or something)
That said, :thumbsup: on this. I really like having this kind of information available.