| 1 | initial version | posted 2014-12-01 00:06:17 +0200 |
If I change my Facebook password through its main website with e.g. a laptop browser, Jolla's Settings > Accounts screen tells me 'Not signed in'.
However, this change has not propagated to Jolla's web browser, which is still able to browse Facebook using old credentials or perhaps a session cookie or similar. Clearing cookies and web cache and reloading Facebook with the browser does the correct thing and loads a login page.
Perhaps if Jolla detects that the password to an account has changed on the server, it removes session cookies / tokens / whatever (i.e. all ways Jolla could access the service using stale credentials) and locks out the clients which are accessing the services, and notifies the user to update the credentials stored in Jolla. This is a major security bug, because if your Jolla is being used by an untrustworthy third party to access your data, and you try to lock them out by changing passwords on the server, the said third party is not locked out!