Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-47829 Account security improvements META
  3. MDL-47800

Logout user when somebody changes their password

    XMLWordPrintable

Details

    • MOODLE_27_STABLE
    • MOODLE_29_STABLE
    • wip_MDL-47800_m28_pwchange
    • Hide

      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout)
      2/ try changing somebody elses password
      3/ try changing your password via advanced edit form
      4/ try changing own password via normal form
      5/ try password reset

      If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed.

      6/ run phpunit tests

      Show
      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout) 2/ try changing somebody elses password 3/ try changing your password via advanced edit form 4/ try changing own password via normal form 5/ try password reset If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed. 6/ run phpunit tests

    Description

      This is quite common in other systems and it might be expected behaviour. This could also improve security a bit.

      Attachments

        Activity

          People

            skodak Petr Skoda
            skodak Petr Skoda
            Frédéric Massart Frédéric Massart
            Dan Poltawski Dan Poltawski
            Marina Glancy Marina Glancy
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            Votes:
            3 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              11/May/15