[ https://issues.apache.org/jira/browse/GUACAMOLE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman updated GUACAMOLE-1994:
-------------------------------------
Summary: Disabling logins should invalidate current authentication tokens
(was: Break User Session in case userid is disabled by Admin)
> Disabling logins should invalidate current authentication tokens
> ----------------------------------------------------------------
>
> Key: GUACAMOLE-1994
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1994
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Affects Versions: 1.5.5
> Reporter: Tribhuwan Phulera
> Priority: Minor
>
> Hi Team,
> I encountered a situation where a user's ID and password were compromised.
> Upon identifying the issue, I attempted to prevent further incidents by
> navigating to the Users section and checking the "Login Disabled" option. I
> also deleted the active session of the compromised user from the Active
> Session tab, but the sessions continued to be created repeatedly. Ultimately,
> I had to restart the Tomcat server to completely prevent that user from
> accessing the system, and it asks to log in again after the Tomcat server restart.
> This experience has led me to propose an improvement for the "Login Disabled"
> flag or the implementation of a different feature that allows us to log out a
> user’s current session immediately to address such scenarios effectively.