Currently, if you log into your myBB account from another computer, or your phone, tablet, and hit log out, it only logs you out on that device/browser.
Not the other computers/devices you are logged in from
There should be an option to Destroy all open sessions when you log out, so that it logs you out of all devices.
Or simply, when you hit log out, it destroys all sessions. So you are logged out from everywhere.
I feel this should be implemented as it would increase User Security in some ways.
It would increase security if you aren't logging out on all the public computers you use.
(2013-01-18, 03:52 AM)imtiax Wrote: [ -> ]I feel this should be implemented as it would increase User Security in some ways.
Can you elaborate which ways?
I certainly don't want my home computer to be logged out when I log out on my friend's computer.
I think the OP just means there should be an option. Much like how Windows Live Messenger gives you an option to sign out of the place you're logged into, or every place you're logged into.
It's not a bad idea.
It wouldn't be a bad option, for sure. But OP's post ends with the implication that it should be default behaviour, which would be troublesome.
Agree, shouldn't be default. But optional - why not.
(2013-01-18, 04:21 PM)brad-t Wrote: [ -> ] (2013-01-18, 03:52 AM)imtiax Wrote: [ -> ]I feel this should be implemented as it would increase User Security in some ways.
Can you elaborate which ways?
I certainly don't want my home computer to be logged out when I log out on my friend's computer.
Well, It could be an optional feature, maybe inside UserCP a button called "Log out from all sessions", so they can log out of all sessions if they want.
Many people forget to log out when they login from a public computer.
Interesting Plugin, Thanks I'll take a look at it.
I had an epiphany this week. One of a new standard.
Take any domain and type /logout and you'll destroy all sessions and cookies on the site. No need to fumble around looking for settings or buttons to click.
Examples would be:
mysite.com/logout
domain.com/logout
IMHO that would be an awesome standard that major sites could implement and everyone else would follow suit. It would give end-users and visitors a sure fire simple way to allow logout.
Hope that's not too far off topic.
Quote:Unfortunately the way MyBB sessions work it'd be difficult to do.
How so? Isn't it just:
$db->delete_query("sessions", "*", "uid={$mybb->user[uid]}");
Or how about just update any sessions under that uid and replace uid with 0 so that anyone logged in matches a guest and would force a login.