Vote #75544: Expire all other sessions on password change - redmineorg-copy202205 - Redmine

編集操作

リンクをコピー

Vote #75544

完了

Expire all other sessions on password change

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:

Closed

優先度:

通常

担当者:

カテゴリ:

Security_51

対象バージョン:

2.6.0_81

開始日:

2022/05/09

期日:

進捗率:

90%

予定工数:

Redmineorg_URL:

https://www.redmine.org/issues/17796

category_id:

version_id:

issue_org_id:

17796

author_id:

347

assigned_to_id:

1188

comments:

status_id:

tracker_id:

plus1:

affected_version:

closed_on:

affected_version_id:

ステータス-->[Closed]

引用

説明

To improve user account security, we believe it is a good practice to expire all other active user sessions (on other computers or browsers) once a user changes their password.

Please find attached a patch that implements this feature against current trunk; tests included.

journals

Good practice I think. Same as #17717, I'd like to have some guidance about how we deal with that kind of patch. I didn't test this one but I'll review it and test it when I know what to do.
--------------------------------------------------------------------------------
We can commit this patch now, but I'd like to change the new column to @passwd_changed_on@ instead of @password_changed_at@.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Added in r13412 with the column name requested by Jean-Philippe, and a minor typo fixed in the test. Thanks!
--------------------------------------------------------------------------------