  1. #1

    Do you auto logout after password change

    Hi all,

    Do you make your clients auto logout immediately after they change password?

    vineet

  2. #2
    kduv
    That's really your choice. How do you want your site to work?

  3. #3
    What would be the benefit, security or otherwise, of forcing a re-login? They've already authenticated, so it seems like an unnecessary inconvenience under normal circumstances.

  4. #4
    felgall
    I can't see any benefit in forcing them to enter the new password a third time straight after entering it the first two times.

    I do require that the old password be re-entered when entering a new password even though they are already logged in - so as to prevent someone else changing their password if they leave the session unattended.
    Stephen J Chapman


  5. #5
    TomB
    Originally posted by felgall:
        I can't see any benefit in forcing them to enter the new password a third time straight after entering it the first two times.

        I do require that the old password be re-entered when entering a new password even though they are already logged in - so as to prevent someone else changing their password if they leave the session unattended.

    I agree. I also think it's a good idea to force a password entry to update their email address. Otherwise someone could change the email address and then use 'Forgot password' to reset it, gaining access to the account without ever knowing the password.

  6. #6
    Wisestepp
    I want the PHP code for clients auto logout immediately after they change password.

  7. #7
    logic_earth
    Originally posted by Wisestepp:
        I want the PHP code for clients auto logout immediately after they change password.

    Everyone would want a lot of things, but we rarely get them when we demand. Please see: Manners.


  8. #8
    Originally posted by vinpkl:
        Do you make your clients auto logout immediately after they change password?

    Not on the computer (session) where they have just entered the new password. But if I have an auto-login feature - a "remember me" checkbox so that the user's session cookie is stored for a longer period of time on his computer - then there may be a situation where he has open sessions on many computers. After changing his password I always invalidate all those sessions except the current one. I think this is important if someone changes their password because of unauthorised access suspicion - they will want to be sure that no one can access their account without entering the new password first.
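
The approach described in posts #4 and #8 (re-enter the old password, then invalidate every session except the current one), as an added PHP example that is not code from any poster in this thread. The class `AccountSessions`, its method names and the sample account are hypothetical, and arrays stand in for database tables.

```php
<?php
// Added example: hypothetical class; arrays stand in for users/sessions tables.
final class AccountSessions
{
    private array $users = [];    // username => password hash
    private array $sessions = []; // sha256(token) => username
    public function register(string $user, string $password): void
    {
        $this->users[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    // Log in on one device; only a hash of the session token is kept server-side.
    public function login(string $user, string $password): ?string
    {
        if (!isset($this->users[$user]) || !password_verify($password, $this->users[$user])) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        $this->sessions[hash('sha256', $token)] = $user;
        return $token;
    }
    public function userFor(string $token): ?string
    {
        return $this->sessions[hash('sha256', $token)] ?? null;
    }
    // Re-check the old password, store the new one, drop every other session.
    public function changePassword(string $token, string $old, string $new): bool
    {
        $user = $this->userFor($token);
        if ($user === null || !password_verify($old, $this->users[$user])) {
            return false; // a logged-in session alone is not enough
        }
        $this->users[$user] = password_hash($new, PASSWORD_DEFAULT);
        $current = hash('sha256', $token);
        foreach ($this->sessions as $hash => $owner) {
            if ($owner === $user && (string) $hash !== $current) {
                unset($this->sessions[$hash]);
            }
        }
        return true;
    }
}

// Constructed scenario: one account remembered on two devices.
$s = new AccountSessions();
$s->register('alice', 'old-pass');
$laptop = $s->login('alice', 'old-pass');
$phone  = $s->login('alice', 'old-pass');
var_dump($s->changePassword($laptop, 'guess', 'new-pass'));    // wrong old password
var_dump($s->changePassword($laptop, 'old-pass', 'new-pass')); // correct old password
var_dump($s->userFor($laptop), $s->userFor($phone));           // current vs. other device
```

With a database-backed store, the loop becomes a single delete of that user's "remember me" rows whose token hash differs from the current one.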

