On Tue, 2 Oct 2012 17:23:01 +0100, Tom Evans <tevans.uk@googlemail.com>
declaimed the following in gmane.comp.python.django.user:
>
> I did not say that it was not a desired feature, I said that
> *personally* I would not have that expectation; this may be due to me
> fully understanding how such systems work and, as I indicated, a lay
> person may think differently. Other large commercial systems, for
> instance Google Apps, do not behave in this manner, so I'm not sure
> where the expectation comes from - can anyone name a public facing
> system that invalidates all other sessions on password change?
>
I'd be more likely to expect any such system to, instead, limit an
account/user to /one/ active session... So the mere act of logging in a
second time should, itself, trigger the shutdown/invalidation of the
earlier session (possibly with a prompt first to give the person a
chance to locate the other session [if it is on the same machine]).
These systems probably also have inactivity time-outs on sessions too.
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
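
The one-session-per-account behaviour described in the reply above, with the inactivity time-out, as an added example that is not part of the original message and is not Django's API. `SessionRegistry` and its method names are hypothetical, an in-memory stand-in for a server-side session store.

```python
import secrets
import time


class SessionRegistry:
    """Hypothetical in-memory stand-in for a server-side session store."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of allowed inactivity
        self.clock = clock                 # injectable so tests can advance time
        self._by_token = {}                # token -> [user, last_seen]
        self._by_user = {}                 # user -> the single live token

    def login(self, user):
        """Start a session; any earlier session for this user is invalidated."""
        self.revoke_user(user)
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._by_token[token] = [user, self.clock()]
        self._by_user[user] = token
        return token

    def revoke_user(self, user):
        """Drop the user's session; also the hook to call on password change."""
        old = self._by_user.pop(user, None)
        if old is not None:
            self._by_token.pop(old, None)
        return old is not None

    def validate(self, token):
        """Return the user for a live token, or None if revoked or idle too long."""
        entry = self._by_token.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        now = self.clock()
        if now - last_seen > self.idle_timeout:
            self.revoke_user(user)         # expire server-side, not just client-side
            return None
        entry[1] = now                     # sliding window: activity renews the session
        return user


if __name__ == "__main__":
    reg = SessionRegistry(idle_timeout=60)
    laptop = reg.login("alice")            # constructed sample user
    phone = reg.login("alice")             # second login replaces the first
    print(reg.validate(laptop), reg.validate(phone))
```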