Group: Member
Post Group: Super Member
Posts: 1394
Status:
Open source, web and security passionate
|
For security reason when admin change password in Webuzo all previous session must be closed!
Imagine password can be discovered by someone. If they are already in webuzo and we change password hacker already can do bad things.
Actually when admin change password other open session is not invalided. User see the message the password of webuzo has been changed and if press OK simply the system do the logout only in this session. This no have sense.
You can remove logout function when user press ok. What is the function to logout the admin after password change if all previous open session also from other PC still be valid?
Intact if you change admin password , don't click on ok in the confirmation windows message and click in the webuzo logo you will not be logged out because all old session from all other PC are still valid.
This should be fixed.. when admin change password also all other PC open instance must be closed.
----------------------- PeopleInside
Web, security, open source passionate.
|