Project

General

Profile

Feature #28342

Invalidate Active Sessions when User Password Changed

Added by Marek Hulán 4 months ago.

Status:
New
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1650684

Description of problem:

When a user's password is changed, all active sessions/activity that a user has on the Satellite remain active. This causes a concern for when a user is terminated from their organization and needs to have their access revoked immediately. It should be possible to immediately stop all sessions/activity upon a password change.

Version-Release number of selected component (if applicable):

6.3.2

How reproducible:

Always

Steps to Reproduce:
1. Have a user login to the satellite and start doing things.
2. Have an admin change the users password.
3.

Actual results:

The user remains logged in and activity they have started remains active.

Expected results:

User is immediately logged out and their activity is stopped.

Additional info:

Also available in: Atom PDF