Allow users to remotely terminate login sessions #237

Open
GoogleCodeExporter opened this issue May 31, 2015 · 1 comment
Comments

@GoogleCodeExporter

We should allow users to log themselves out of Plans remotely.

Proposed implementation: modify SessionBroker.php to use the user's password 
hash as part of the string used to sha1-sign cookies. This way, if a user 
changes their password (even to the same thing: crypt() password hashes are 
salted, and two crypt() hashes of the same string are extremely unlikely to be 
identical) they will be logged out everywhere. changepassword.php should also 
be modified to bake a new session cookie for the user when they change their 
password, so they aren't forced to log in again.

Original issue reported on code.google.com by [email protected] on 3 Jun 2012 at 4:51
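
An added sketch of the scheme proposed above; it is not code from Plans or from SessionBroker.php. The function names, cookie layout and `SERVER_SECRET` are hypothetical, HMAC-SHA-256 stands in for the sha1 signing the post mentions, and `password_hash()` stands in for `crypt()` (both salt their output).

```php
<?php
// Added illustration: names and cookie layout are hypothetical, not the
// project's own. Sample user, password and secret are constructed values.
const SERVER_SECRET = 'constructed-demo-secret';

// The MAC key mixes the server secret with the user's current password hash,
// so replacing the stored hash invalidates every cookie signed under the old one.
function session_key(string $passwordHash): string
{
    return hash_hmac('sha256', $passwordHash, SERVER_SECRET, true);
}

function bake_cookie(string $user, string $passwordHash, int $expires): string
{
    $payload = $user . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, session_key($passwordHash));
}

// Returns the username for a valid cookie, or null. $lookupHash is a callable
// returning the stored password hash for a username (null if unknown).
function verify_cookie(string $cookie, callable $lookupHash, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null; // malformed, or a username containing '|': fail closed
    }
    [$user, $expires, $mac] = $parts;
    $hash = $lookupHash($user);
    if ($hash === null || !ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    $expected = hash_hmac('sha256', $user . '|' . $expires, session_key($hash));
    return hash_equals($expected, $mac) ? $user : null;
}

// Constructed demo: one user in an in-memory "database".
$db = ['alice' => password_hash('hunter2', PASSWORD_DEFAULT)];
$lookup = function (string $u) use (&$db) { return $db[$u] ?? null; };
$now = time();

$laptop = bake_cookie('alice', $db['alice'], $now + 3600); // session on another device
var_dump(verify_cookie($laptop, $lookup, $now));

// Password "changed" to the same string: new salt, so a new stored hash.
$db['alice'] = password_hash('hunter2', PASSWORD_DEFAULT);
$fresh = bake_cookie('alice', $db['alice'], $now + 3600); // re-baked for this browser
var_dump(verify_cookie($laptop, $lookup, $now)); // cookie issued before the change
var_dump(verify_cookie($fresh, $lookup, $now));  // cookie issued after the change
```

The password hash only keys the MAC and never appears in the cookie itself, and verification costs one lookup of the stored hash per request.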

@GoogleCodeExporter

Sounds good. Go for it.

Original comment by thatha7777 on 4 Jun 2012 at 6:57
