Closed Bug 1578805 Opened 6 years ago Closed 6 years ago

When changing password or enabling 2fa, previous sessions should be revoked in Bugzila

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

Details

Attachments

(1 file)

1578805_1.patch 6 years ago David Lawrence [:dkl] 1.73 KB, patch	imadueme : review+	Details \| Diff \| Splinter Review

David Lawrence [:dkl]

Assignee

Description

•

6 years ago

Currently current login sessions are left alone and so any other browsers that are logged in for an account remain logged in. For better security, we should revoke all other login sessions when a password is changed, or 2fa is enabled/disabled.

David Lawrence [:dkl]

Assignee

Comment 1

•

6 years ago

Attached patch 1578805_1.patch — Details — Splinter Review

Attachment #9090537 - Flags: review?(kohei.yoshino)

Attachment #9090537 - Flags: review?(imadueme)

Israel Madueme [:imadueme]

Updated

•

6 years ago

Attachment #9090537 - Flags: review?(imadueme) → review+

David Lawrence [:dkl]

Assignee

Updated

•

6 years ago

Attachment #9090537 - Flags: review?(kohei.yoshino)

David Lawrence [:dkl]

Assignee

Comment 2

•

6 years ago

Will merge right before deployment.

Flags: needinfo?(dkl)

David Lawrence [:dkl]

Assignee

Comment 3

•

6 years ago

Merged to master.

Group: bugzilla-security

Status: ASSIGNED → RESOLVED

Closed: 6 years ago

Flags: needinfo?(dkl)

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

When changing password or enabling 2fa, previous sessions should be revoked in Bugzila

Categories

(bugzilla.mozilla.org :: General, enhancement)

Tracking

()

People

(Reporter: dkl, Assigned: dkl)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Comment 2

Comment 3

Attachment

General

Description

File Name

Content Type