Piwigo Bugtracker

Piwigo bug tracker has moved to Github

This bugtracker is kept to provide history on old issues.


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003092Piwigosecuritypublic2014.06.16 19:132014.06.16 19:13
Reportereffigies 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0003092: Resetting password should deactivate current user sessions
DescriptionJust a suggestion, but for your consideration:

If a user changes their password but has another session open (e.g. in another browser or on another machine), they will not be surprised to find the session ended.

If a user changes their password but an attacker has a session open, presumably the user would want the attacker's access restricted.

Finally, if an attacker changes their password but the user has a session open, the user would likely want to be alerted to being locked out of their account.
TagsNo tags attached.
browserany
Database engine and version
PHP version
Web server
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2014.06.16 19:13 effigies New Issue
2014.06.16 19:13 effigies browser => any


Copyright © 2000 - 2018 MantisBT Team
Contact
Powered by Mantis Bugtracker