https://stackoverflow.com/questions/13223839
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianStoring a timestamp of the last time password got changed inside request.identity['userdata'] should make possible to check it whenever the user gets back and log him out if it's different from the last time the password got changed for real.
Remove all user's cookies/sessions when password is reset
-
27-11-2021 - |
题
I'm interested in improving security of my TurboGears 2.2 application so that when user changes his password, it logs him out from all sessions and he must login again. The goal is when user changes password on browser 1, he must relogin on browser 2, too. Experiments show that this is not the case, especially if browser 2 had "remember me" enabled.
It's standard quickstarted app using repoze.who. It seems maybe I need to change AuthTktCookiePlugin, but don't see a way to do it without much rewiring.
解决方案
不隶属于 StackOverflow
