Patch #17796

Expire all other sessions on password change

Added by Jan from Planio www.plan.io about 3 years ago. Updated about 3 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Jean-Baptiste Barth
% Done: 90%
Category: Security
Target version: 2.6.0

Description

To improve user account security, we believe it is a good practice to expire all other active user sessions (on other computers or browsers) once a user changes their password.

Please find attached a patch that implements this feature against current trunk; tests included.

0001-Expire-all-other-sessions-on-password-change.patch (4.56 KB) Jan from Planio www.plan.io, 2014-09-04 19:02

Associated revisions

Revision 13412
Added by Jean-Baptiste Barth about 3 years ago

Expire other sessions on password change (#17796).

Contributed by Jan Schulz-Hofen.

History

#1 Updated by Jean-Baptiste Barth about 3 years ago

  • Assignee set to Jean-Baptiste Barth

Good practice I think. Same as #17717, I'd like to have some guidance about how we deal with that kind of patch. I didn't test this one but I'll review it and test it when I know what to do.

#2 Updated by Jean-Philippe Lang about 3 years ago

We can commit this patch now, but I'd like to change the new column to passwd_changed_on instead of password_changed_at.

#3 Updated by Etienne Massip about 3 years ago

  • Project changed from Security to Redmine
  • Category set to Security
  • Target version set to 2.6.0

#4 Updated by Jean-Baptiste Barth about 3 years ago

  • Status changed from Needs feedback to Closed

Added in r13412 with the column name requested by Jean-Philippe, and a minor typo fixed in the test. Thanks!
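One way a `passwd_changed_on` timestamp can be used to expire other sessions, as an added Ruby example that is not Redmine's code or the attached patch: each session records its creation time and is rejected if that time is earlier than the user's last password change. `SessionStore`, `User`, `created_on` and the method names are assumptions for illustration; only the column name comes from this thread.

```ruby
require 'securerandom'

# Hypothetical user record; passwd_changed_on is nil until the first change.
User = Struct.new(:login, :password_digest, :passwd_changed_on)

class SessionStore
  Session = Struct.new(:id, :login, :created_on)

  def initialize(users)
    @users = users     # login => User
    @sessions = {}     # session id => Session
  end

  # Issue a session stamped with its creation time.
  def login(user_login, now: Time.now)
    s = Session.new(SecureRandom.hex(16), user_login, now)
    @sessions[s.id] = s
    s.id
  end

  # Valid only if created at or after the user's last password change.
  def valid?(session_id)
    s = @sessions[session_id]
    user = s && @users[s.login]
    return false unless user
    changed = user.passwd_changed_on
    return true if changed.nil? || s.created_on >= changed
    @sessions.delete(session_id)   # stale: drop it so it cannot be reused
    false
  end

  # Change the password from within session_id. The caller's session is
  # re-issued with a fresh id so that it alone survives the change.
  def change_password(session_id, new_digest, now: Time.now)
    raise ArgumentError, 'invalid session' unless valid?(session_id)
    s = @sessions.delete(session_id)
    user = @users[s.login]
    user.password_digest = new_digest   # hashing is out of scope here
    user.passwd_changed_on = now
    login(s.login, now: now)
  end
end
```

Because the check runs on every request, sessions held by other browsers fail on their next request without the server having to enumerate them.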
