Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Security bug in q2a

+5 votes
796 views
in Q2A Core by

when the user changes his password his account still logged in another browser. If someone hacked my password there is no way to protect the account from hackers.There should be a option to log out of all sessions.

by

2 Answers

0 votes
by
edited by

It should work for you now.Replace the 232 no line of qa-include/pages/account.php with the code.

if (qa_is_logged_in()) {

 qa_set_logged_in_user(null);

} // remove the session for the user.

by
Where is "password changing section" that I can put this function in?
by
Could be that this will not work anyways, see: https://stackoverflow.com/q/6472123/1066234
+1 vote
by
I posted a reply on the GitHub issue: https://github.com/q2a/question2answer/issues/824#issuecomment-654363679

The short version is that Q2A already implements this, however due to the way web browsers work now the sessions may not actually expire. I'll work on a way to solve it for the next version of Q2A.

Welcome to the Q&A site for Question2Answer.

If you have a question about Q2A, please ask here, in English.

To report a bug, please create a new issue on Github or ask a question here with the bug tag.

If you just want to try Q2A, please use the demo site.

Related questions

Categories

Snow Theme by Q2A Market
Powered by Question2Answer
...