[MDL-47800] Logout user when somebody changes their password - Moodle Tracker

XML

Word

Printable

Affected Branches:
MOODLE_27_STABLE
Fixed Branches:
MOODLE_29_STABLE
Pull from Repository:
https://github.com/skodak/moodle.git
Pull Master Branch:
wip_~~MDL-47800~~_m28_pwchange
Pull Master Diff URL:
https://github.com/skodak/moodle/compare/master...wip_MDL-47800_m28_pwchange
Testing Instructions:

Hide

1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout)
2/ try changing somebody elses password
3/ try changing your password via advanced edit form
4/ try changing own password via normal form
5/ try password reset

If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed.

6/ run phpunit tests

Show
1/ repeat these tests with and without the new setting enabled ($CFG->passwordchangelogout) 2/ try changing somebody elses password 3/ try changing your password via advanced edit form 4/ try changing own password via normal form 5/ try password reset If the new setting is enabled all other browser sessions apart from the current one where the new password was specified should be killed. 6/ run phpunit tests

This is quite common in other systems and it might be expected behaviour. This could also improve security a bit.

will help resolve

MDL-58353 Empower users to be able to log out other sessions during password reset

Participants:: CiBoT, Dan Poltawski, Frédéric Massart, Helen Foster, Marina Glancy, Mary Cooch, Petr Skoda

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo