
TOPIC: Force session change/logout after password change

Force session change/logout after password change 11 Sep 2019 21:51 #525

  • Rob
Dear Nikolay,

Thank you for your message. I have answered your question by email also (on 10th Sept) and I will repeat here the contents of my email answer:

I assume that you are looking for an application that will resolve the problem with a compromised site, as described in the GitHub issue that you quoted.
I wonder if logging out all sessions when a password is changed will solve the problem, because if the 'hacker' is logged in at the same moment that you are logged in (and using your account), then your session will be aborted when the hacker changes the password and you will not be able to log in again.
I have posted a comment to this extent with the post on GitHub and I am curious to see the reaction(s).

Almost everything can be made (i.e. coded), but....
(1) The requested function is not in line with the principal purpose of the Login One! plug-in, which is to prevent multiple concurrent log-ins with the same user account.
(2) A new plug-in could be created which does the job. This is a time-consuming exercise of which the costs must be justified by: (A) the potential of selling the extension to a wider public, or (B) by charging a development fee (partly or whole). At the moment, we have no plans to develop such an extension.

I hope this answers - for now - your question.

Force session change/logout after password change 11 Sep 2019 17:59 #524

  • Nikolay Tsvetkov
Hi
I have Login One! Business and I have one question. Right now, when the user changes his password, he is not logged out from the session. This is what I'm talking about:

github.com/joomla/joomla-cms/issues/19994

Can you implement this into your plugin, and how difficult is this going to be?

Thank you