Help Center

Improved

Fixed

ideasbugs

Open

Under Review

Planned

In Progress

Completed

Rejected

Closed

Priority

Refund request

High Priority

Low Priority

Main Roadmap

I read everything people post here and use it to fix bugs and improve my sites every day. Thanks for helping to improve my sites!⚠️ Use the same email when signing up here as on you use to sign in on the website you give feedback about. Your name and email are not shown publicly but are visible to us so we can help you. If your email is not the same as the website’s account, your post is automatically deleted.

Share your bug reports, ideas and feedback here.

Hey {name|there}! 👋

The Issue: A third party inadvertently gained access to my account (likely via a shared link containing a token). Even though I have deleted the specific photos they were looking at, they still retain full access to my account.It seems that session tokens/cookies never expire and do not rotate. Deleting content does not invalidate their active session.The Request: Currently, there is no way for a user to secure their account once a link is leaked.<ol><li>Immediate Fix: Please implement a "Log out all devices" button in the settings so I can revoke access to unauthorized users.</li><li>System Fix: Please implement Session Token Rotation. Using a link once should not grant permanent, irrevocable access. Keys should change or expire to prevent "zombie sessions."</li></ol>This is a major privacy concern for me. Please let me know how I can secure my account immediately.

third party inadvertently gained access to my account

hidden

Ideas + 🪲 Bugs

third party inadvertently gained access to my account

Subscribe to post

Subscribe to post