https://bugs.winehq.org/show_bug.cgi?id=52245
Bug ID: 52245 Summary: Add a way to log out all other sessions Product: Wine-Testbot Version: unspecified Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: unknown Assignee: wine-bugs@winehq.org Reporter: fgouget@codeweavers.com Distribution: ---
This security enhancement has been suggested through the TestBot feedback:
--- Currently, there's no way for a user to invalidate all other sessions that are logged in as the same user. Password reset does not log out other existing sessions either.
Since Wine-Testbot is inherently a security-sensitive infrastructure ("arbitrary code execution" in VMs), it might be a good idea to add such an extra security measure to protect accounts. ---
I don't know how often the Wine developers access the TestBot from multiple devices more or less simultaneously. And even more specifically, I'm not sure they expect to remain logged in on other devices when log out on one of them. So maybe this could even be the default.
https://bugs.winehq.org/show_bug.cgi?id=52245
Jinoh Kang jinoh.kang.kr@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jinoh.kang.kr@gmail.com
--- Comment #1 from Jinoh Kang jinoh.kang.kr@gmail.com --- Hi, original author here.
I think it would be sensible to follow what Bugzilla does in this respect:
1. Simply logging in by itself leaves other sessions unaffected.
2. On a successful password reset, other sessions are automatically expired.
3. Bugzilla doesn't seem to provide a list of currently logged in sessions and/or an option to expire them individually. It would be nice to have, but would have lower priority compared to #2.
-
WineHQ Bugzilla