Project

General

Profile

Actions

Patch #17796

closed

Expire all other sessions on password change

Added by Jan from Planio www.plan.io over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
Due date:
% Done:

90%

Estimated time:

Description

To improve user account security, we believe it is a good practice to expire all other active user sessions (on other computers or browsers) once a user changes their password.

Please find attached a patch that implements this feature against current trunk; tests included.


Files

Actions #1

Updated by Jean-Baptiste Barth over 9 years ago

  • Assignee set to Jean-Baptiste Barth

Good practice I think. Same as #17717, I'd like to have some guidance about how we deal with that kind of patch. I didn't test this one but I'll review it and test it when I know what to do.

Actions #2

Updated by Jean-Philippe Lang over 9 years ago

We can commit this patch now, but I'd like to change the new column to passwd_changed_on instead of password_changed_at.

Actions #3

Updated by Etienne Massip over 9 years ago

  • Project changed from 2 to Redmine
  • Category set to Security
  • Target version set to 2.6.0
Actions #4

Updated by Jean-Baptiste Barth over 9 years ago

  • Status changed from Needs feedback to Closed

Added in r13412 with the column name requested by Jean-Philippe, and a minor typo fixed in the test. Thanks!

Actions

Also available in: Atom PDF