Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-47829 Account security improvements META
  3. MDL-47800

Logout user when somebody changes their password

    XMLWordPrintable

Details

    • MOODLE_27_STABLE
    • MOODLE_29_STABLE
    • wip_MDL-47800_m28_pwchange
    • Hide

      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout)
      2/ try changing somebody elses password
      3/ try changing your password via advanced edit form
      4/ try changing own password via normal form
      5/ try password reset

      If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed.

      6/ run phpunit tests

      Show
      1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout) 2/ try changing somebody elses password 3/ try changing your password via advanced edit form 4/ try changing own password via normal form 5/ try password reset If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed. 6/ run phpunit tests

    Description

      This is quite common in other systems and it might be expected behaviour. This could also improve security a bit.

      Attachments

        Activity

          People

            skodak Petr Skoda
            skodak Petr Skoda
            Frédéric Massart Frédéric Massart
            Dan Poltawski Dan Poltawski
            Marina Glancy Marina Glancy
            Jake Dallimore, Mathew May, Mihail Geshoski
            Votes:
            3 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              11/May/15