openhatch

Issue740

Title: On password change, expire remaining sessions
Milestone:
Priority: urgent
Waiting On:
Status: resolved
Superseder:
Nosy List: Aaron1011, MarkTraceur, mdaniel, paulproteus
Assigned To: Aaron1011
Keywords:

Created on 2012-06-08.15:40:37 by MarkTraceur, last changed 2013-05-03.05:11:43 by paulproteus.

Messages
msg3686 Author: paulproteus Date: 2013-05-03.05:11:42
Hi Aaron,

Thank you again for this change! I had forgotten to update the bug tracker to 
indicate it's closed, but it is, so I'm marking it resolved here!

msg3656 Author: Aaron1011 Date: 2013-03-21.22:23:40
I have submitted a fix here: https://github.com/openhatch/oh-mainline/pull/99

msg3370 Author: mdaniel Date: 2012-08-19.06:04:25
What about immediately expiring the session after changing the password? (this
has the side effect of logging out the current user)

msg3282 Author: paulproteus Date: 2012-06-08.16:42:56
Thanks for this bug submission. I think that change makes sense.

msg3281 Author: MarkTraceur Date: 2012-06-08.15:40:32
I had to reset my password because I forgot it, but when I got back to my other
computer with a "remember my session" option enabled, the session was still
active! If someone is resetting the password for security reasons, it should
really kick any other existing sessions out, leaving access only for the person
with control of the email account.

Admittedly, it might be possible for an attacker to change the email account,
but fixing this would be a good step.
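
The behaviour requested in this issue, as an added example that is not part of the thread and not the code from the linked pull request: a password change expires the user's other sessions, and the session making the change can be kept so that user is not logged out as a side effect. The `Accounts` class, its method names and the in-memory store are hypothetical.

```python
# Added illustration: hypothetical in-memory store, not OpenHatch code.
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret

class Accounts:
    def __init__(self):
        self.pw = {}        # user -> (salt, password hash)
        self.sessions = {}  # session id -> (user, auth tag)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _tag(self, user):
        # Derived from the stored password hash, so it changes with the password.
        return hmac.new(SERVER_KEY, self.pw[user][1], hashlib.sha256).digest()

    def login(self, user, password):
        salt, stored = self.pw.get(user, (b"", b""))
        if not stored or not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self._tag(user))
        return sid

    def set_password(self, user, password, keep_session=None):
        salt = secrets.token_bytes(16)
        self.pw[user] = (salt, self._hash(password, salt))
        # Expire every session of this user except the one making the change.
        for sid, (owner, _) in list(self.sessions.items()):
            if owner == user and sid != keep_session:
                del self.sessions[sid]
        # Re-bind the surviving session to the new password hash.
        if keep_session in self.sessions and self.sessions[keep_session][0] == user:
            self.sessions[keep_session] = (user, self._tag(user))

    def current_user(self, sid):
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, tag = entry
        # A session that escaped deletion still fails here after a change.
        if not hmac.compare_digest(tag, self._tag(user)):
            del self.sessions[sid]
            return None
        return user
```

A reset through the emailed link would call `set_password` without `keep_session`, which ends every existing session for that user, including a "remember my session" one on another computer.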

History
Date                 User         Action  Args
2013-05-03 05:11:43  paulproteus  set     status: need-review -> resolved; messages: + msg3686
2013-03-31 23:51:06  Aaron1011    set     assignedto: Aaron1011; nosy: + Aaron1011
2013-03-21 22:23:40  Aaron1011    set     status: chatting -> need-review; messages: + msg3656
2012-08-19 06:04:25  mdaniel      set     nosy: + mdaniel; messages: + msg3370
2012-06-08 16:42:58  paulproteus  set     status: unread -> chatting; messages: + msg3282
2012-06-08 15:40:37  MarkTraceur  create