Administration security extensions

Question 1

Recently I had some serious issues with security. I felt few features might have improved situation.

In Admin panel,

A Button "Logout All users" - which will magically sign-out all logged-in users
Select session cookie name - This can be changed to bypass already logged-in users with 'Remember' option.
Reset password for range of users with random-complex string & send mail to user

I am not sure how many of these are feasible, but good to have in 1.8

Question 2

I'm not sure it makes sense for those to be core features as they are not applicable to many users. They could be implemented as plugins though.

For example, to log out all users you would need to reset the sessioncode for each user in qa_users.

Question 3

And then remove the already existing sessions (in that order). Otherwise, already logged in users will stay logged in.

Scott · Answer 1 · 2016-12-16T16:10:09+0000

I'm not sure it makes sense for those to be core features as they are not applicable to many users. They could be implemented as plugins though.

For example, to log out all users you would need to reset the sessioncode for each user in qa_users.

And then remove the already existing sessions (in that order). Otherwise, already logged in users will stay logged in. — pupi1985, Dec 16, 2016

Administration security extensions

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Categories

Administration security extensions

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Related questions

Categories