Patch #17796
closed
Expire all other sessions on password change
Added by Jan from Planio www.plan.io about 10 years ago.
Updated about 10 years ago.
Description
To improve user account security, we believe it is a good practice to expire all other active user sessions (on other computers or browsers) once a user changes their password.
Please find attached a patch that implements this feature against current trunk; tests included.
Files
- Assignee set to Jean-Baptiste Barth
Good practice I think. Same as #17717, I'd like to have some guidance about how we deal with that kind of patch. I didn't test this one but I'll review it and test it when I know what to do.
We can commit this patch now, but I'd like to change the new column to passwd_changed_on instead of password_changed_at.
- Project changed from 2 to Redmine
- Category set to Security
- Target version set to 2.6.0
- Status changed from Needs feedback to Closed
Added in r13412 with the column name requested by Jean-Philippe, and a minor typo fixed in the test. Thanks!
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by