lolPasswords View previous topic :: View next topic  


NFOHump.com Forum Index - Site Feedback
Page 1 of 1
Interinactive
VIP Member



Posts: 29405
PostPosted: Mon, 6th Jan 2014 20:56    Post subject: lolPasswords
I knew someone would be working on my work PC yesterday so I changed my password from home... yet... here I am, at work, still logged in even though the password was changed

Is that the right sort of behavior from this old old old old version of PHPBB? I assumed it would have logged me out
Back to top
Stormwolf




Posts: 23492
Location: Norway
PostPosted: Mon, 6th Jan 2014 22:15    Post subject:
It has logged me out many times before when i've logged in somewhere else. Must be something wrong if not.
Back to top
Interinactive
VIP Member



Posts: 29405
PostPosted: Mon, 6th Jan 2014 22:36    Post subject:
⁢⁢


Last edited by Interinactive on Tue, 5th Oct 2021 02:40; edited 1 time in total
Back to top
garus
VIP Member



Posts: 34200
PostPosted: Mon, 6th Jan 2014 22:39    Post subject:
snip


Last edited by garus on Tue, 27th Aug 2024 21:52; edited 1 time in total
Back to top
Hfric




Posts: 12017
PostPosted: Tue, 7th Jan 2014 06:21    Post subject:
its based on cookies , change password and delete cookie...
Back to top
garus
VIP Member



Posts: 34200
PostPosted: Tue, 7th Jan 2014 11:19    Post subject:
snip


Last edited by garus on Tue, 27th Aug 2024 21:52; edited 1 time in total
Back to top
RatKing




Posts: 1212
Location: Nondescript cave in the land of the polar bears, Finland
PostPosted: Tue, 7th Jan 2014 11:31    Post subject:
garus wrote:
The question is: what's inside them.


Chocolate.
Back to top
PumpAction
[Schmadmin]



Posts: 26759
PostPosted: Tue, 7th Jan 2014 11:43    Post subject:
Jupp, your session has to end. As long as you have a valid session your password is not crosschecked. Would you like it to store the server side calculated hash in your local cookie?

=> NFOrce GIF plugin <= - Ryzen 3800X, 16GB DDR4-3200, Sapphire 5700XT Pulse
Back to top
LeoNatan
☢ NFOHump Despot ☢



Posts: 73194
Location: Ramat Gan, Israel 🇮🇱
PostPosted: Tue, 7th Jan 2014 13:46    Post subject:
The server should invalidate all of the user's sessions when the user's password is changed. The browser would then have an invalid session and would require relogin. Session management 101.
Back to top
PumpAction
[Schmadmin]



Posts: 26759
PostPosted: Tue, 7th Jan 2014 14:07    Post subject:
Sure, thats how it should be done.

=> NFOrce GIF plugin <= - Ryzen 3800X, 16GB DDR4-3200, Sapphire 5700XT Pulse
Back to top
Paintface




Posts: 6877
PostPosted: Tue, 7th Jan 2014 17:04    Post subject:
remember when you could get into any gmail if you had a good cookie?
Back to top
Page 1 of 1 All times are GMT + 1 Hour
NFOHump.com Forum Index - Site Feedback
Signature/Avatar nuking: none (can be changed in your profile)  


Display posts from previous:   

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group