Hello,
We have changed the password of the web site administrative user. But the old cookies are still accepted for authentication.
The scenario is something like this.
We have user x, and many users use this username for authentication. We changed the password, but since "remember me" was clicked in the other users' browsers, the other users can use this account even though they do not know the new password.
How can we prevent this?
We'll look into this -- changing the password should invalidate old "saved sessions" from the database. It sounds like we might have overlooked that detail. But we still need to confirm on our end.
We've changed the behavior so that if you have multiple machines logged in and you change the password on one of the machines, all the other machines will be booted off and will have to log in again.
Also, it sounds like you have different people sharing the same user account. You can actually create a new username as described here: https://wyday.com/limelm/help/add-users/
"Also, it sounds like you have different people sharing the same user account."
Actually no, things are not going the way you think. The support guy took the password from us and he uses this account to solve some problems on customers' machines. That's why we want to change the password in the first place. Because we got a lot of bad feedback from customers because of the old version of Turbo Activate. For example, if the customer's machine changes the network adapter from Wi-Fi to Ethernet, Turbo Activate dropped the activation on the client's machine. We have to drop the activation from the web site and reactivate from the client's machine. Of course this happened before the new version. The story is too long, but we have to share the password because of the old version issue of Turbo Activate. The new version solved this problem.
Anyway... According to the solution that you suggest, the problem is not solved. If we authenticate from another computer and click "remember me", we can log in again from that computer over and over, even if we change the password. Did you check this scenario?
Yes, we've checked this scenario and everything is working as expected. If you change the password for an account in LimeLM it will log out all other browsers and machines that were logged in using that username.
Note: it doesn't erase the old cookies from those other machines, but the "remember me" cookies will be useless.
If you're still having problems, then can you tell us step-by-step what you're doing, what you're getting, and what you expect to get?
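
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not LimeLM's code: a minimal server-side store in which a password change revokes every "remember me" token for that account, so the cookies left on other machines no longer validate. The `AuthStore` class, its method names and the sample users are hypothetical.

```python
import hashlib
import hmac
import os
import secrets


class AuthStore:
    """Toy in-memory account store (hypothetical, for illustration only)."""

    def __init__(self):
        self._passwords = {}  # username -> (salt, derived key)
        self._remember = {}   # sha256(token) -> username

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _digest(token):
        # Only a hash of the token is stored, so a leaked table
        # cannot be replayed as cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._passwords[user] = (salt, self._derive(password, salt))
        # The step this thread is about: drop every persisted session
        # for this account. Other accounts are left untouched.
        self._remember = {d: u for d, u in self._remember.items() if u != user}

    def login(self, user, password):
        """Return a new "remember me" cookie value, or None on failure."""
        salt, stored = self._passwords.get(user, (b"\x00" * 16, b""))
        if not hmac.compare_digest(self._derive(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._remember[self._digest(token)] = user
        return token

    def user_for_cookie(self, token):
        """Map a presented cookie to a username, or None if revoked/unknown."""
        return self._remember.get(self._digest(token))
```

The browser still holds its old cookie after the change, but `user_for_cookie` returns `None` for it, which is the "useless cookie" outcome described in the last reply.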