Piwigo Bugtracker

Piwigo bug tracker has moved to Github

This bugtracker is kept to provide history on old issues.

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003092Piwigosecuritypublic2014.06.16 19:132014.06.16 19:13
Assigned To 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0003092: Resetting password should deactivate current user sessions
DescriptionJust a suggestion, but for your consideration:

If a user changes their password but has another session open (e.g. in another browser or on another machine), they will not be surprised to find the session ended.

If a user changes their password but an attacker has a session open, presumably the user would want the attacker's access restricted.

Finally, if an attacker changes their password but the user has a session open, the user would likely want to be alerted to being locked out of their account.
TagsNo tags attached.
Database engine and version
PHP version
Web server
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2014.06.16 19:13 effigies New Issue
2014.06.16 19:13 effigies browser => any

Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker