[OH-Dev] [issue740] On password change, expire remaining sessions
MarkTraceur
bugs at openhatch.org
Fri Jun 8 15:40:37 UTC 2012
New submission from MarkTraceur <mtraceur at member.fsf.org>:
I had to reset my password because I forgot it, but when I got back to my other
computer with a "remember my session" option enabled, the session was still
active! If someone is resetting the password for security reasons, it should
really kick any other existing sessions out, leaving access only for the person
with control of the email account.
Admittedly, it might be possible for an attacker to change the email account,
but fixing this would be a good step.
----------
messages: 3281
nosy: MarkTraceur, paulproteus
priority: urgent
status: unread
title: On password change, expire remaining sessions
__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue740>
__________________________________________
More information about the Devel
mailing list