
Security improvements: invalidate session if password changes.

Open PeopleInside opened this issue 6 years ago • 1 comments

If the same account is logged in from different devices or browsers and the password is changed (or maybe reset), all open sessions must expire and no longer be valid.

This is not happening: logged-in users are able to continue to navigate and make edits. There should be a way to make all sessions of a user expire when the password is reset or edited.

Jan 23 '19 22:01 PeopleInside

Test in the demo: you change the admin password, but if you have open sessions you will stay logged in to the account. This is not good for security. When the operator password is changed, all open sessions on all PCs should no longer be valid.

Sep 24 '19 16:09 PeopleInside

While editing a user, you can force the user to change their password and log them out.

Sep 11 '23 12:09 remdex
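
One way to get the behaviour this issue asks for, as an added example that is not part of the thread and not Live Helper Chat's code: each user carries an epoch counter that is bumped on every password change, and a session stays valid only while it carries the current epoch. The `SessionStore` class, its field names and the in-memory dicts standing in for database tables are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for the user and session tables (hypothetical schema)."""

    def __init__(self):
        self.users = {}      # username -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}   # token -> (username, epoch at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        user = self.users.setdefault(username, {"epoch": 0})
        user.update(salt=salt, pw_hash=self._hash(password, salt))
        # Bumping the epoch makes every session issued before now stale.
        user["epoch"] += 1

    def login(self, username, password):
        user = self.users.get(username)
        if not user or not hmac.compare_digest(
                user["pw_hash"], self._hash(password, user["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, user["epoch"])
        return token

    def validate(self, token):
        """Return the username for a live session, else None. Run on every request."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, epoch = entry
        if self.users[username]["epoch"] != epoch:
            del self.sessions[token]   # purge the stale session on first use
            return None
        return username

    def force_logout(self, username):
        """Admin action: end all of a user's sessions without a password change."""
        self.users[username]["epoch"] += 1
```

Because the check runs on every request, sessions open in other browsers or on other devices fail on their next request, with no need to enumerate and delete them at the moment the password changes.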