Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-47829 Account security improvements META
  3. MDL-47800

Logout user when somebody changes their password

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout)
      2/ try changing somebody elses password
      3/ try changing your password via advanced edit form
      4/ try changing own password via normal form
      5/ try password reset

      If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed.

      6/ run phpunit tests

      Show
      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout) 2/ try changing somebody elses password 3/ try changing your password via advanced edit form 4/ try changing own password via normal form 5/ try password reset If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed. 6/ run phpunit tests
    • Affected Branches:
      MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip_MDL-47800_m28_pwchange

      Description

      This is quite common in other systems and it might be expected behaviour. This could also improve security a bit.

        Attachments

          Activity

            People

            • Votes:
              3 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/May/15