Patch #17796

Expire all other sessions on password change

Added by Jan from Planio almost 8 years ago. Updated almost 8 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Baptiste Barth% Done:


Target version:2.6.0


To improve user account security, we believe it is a good practice to expire all other active user sessions (on other computers or browsers) once a user changes their password.

Please find attached a patch that implements this feature against current trunk; tests included.

0001-Expire-all-other-sessions-on-password-change.patch Magnifier (4.56 KB) Jan from Planio, 2014-09-04 19:02

Associated revisions

Revision 13412
Added by Jean-Baptiste Barth almost 8 years ago

Expire other sessions on password change (#17796).

Contributed by Jan Schulz-Hofen.


#1 Updated by Jean-Baptiste Barth almost 8 years ago

  • Assignee set to Jean-Baptiste Barth

Good practice I think. Same as #17717, I'd like to have some guidance about how we deal with that kind of patch. I didn't test this one but I'll review it and test it when I know what to do.

#2 Updated by Jean-Philippe Lang almost 8 years ago

We can commit this patch now, but I'd like to change the new column to passwd_changed_on instead of password_changed_at.

#3 Updated by Etienne Massip almost 8 years ago

  • Project changed from Security to Redmine
  • Category set to Security
  • Target version set to 2.6.0

#4 Updated by Jean-Baptiste Barth almost 8 years ago

  • Status changed from Needs feedback to Closed

Added in r13412 with the column name requested by Jean-Philippe, and a minor typo fixed in the test. Thanks!

Also available in: Atom PDF