Session management issue

  • Hi,

    I have a question and probably found a bug / potential security vulnerabilities..

    I’m using WooCommerce and i’m logged in two devices, on the second device I’m changing the email (my account woocommerce page) and unfortunately on other devices I’m still logged in, so potential hacker can still have my session even after the email is changed..

    If I change the password I’m logged out from other devices, is it possible to add this feature to the plugin, that when I change the email, other sessions will be terminated?

    Thanks,
    Piotr

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Changing the user’s email address does not terminate user sessions. It’s not a bug or a security issue per se. It makes sense to terminate other sessions as an additional security measure. But on the other hand, doing that automatically can lead to unforeseen consequences and a bad user experience since users do not expect that. That’s why you have a “Log Out Everywhere Else” button on the profile page in the WordPress dashboard. So adding such a button to the WooCommerce account page is the right way, I think.

    Thread Starter Piotr Kunicki

    (@kuperman87)

    Hi Gregory,

    Thanks for the answer.. Is it possible to add this “Log Out Everywhere Else” button to WooCommerce account page? Any shortcode or a function?

    Thanks,
    Piotr

    Plugin Author gioni

    (@gioni)

    There are no options for a shortcode. It has to be a code snippet. I think this feature will be implemented in the upcoming version of WP Cerber.

    Thread Starter Piotr Kunicki

    (@kuperman87)

    Hello,

    I can see the new version of WP Cerber is released.. where can I find the code snippet with the “Log Out Everywhere Else” feature?

    Thanks,
    Piotr

    Thread Starter Piotr Kunicki

    (@kuperman87)

    Hi @gioni any news regarding my issue?

    Thanks,
    Piotr

    Plugin Author gioni

    (@gioni)

    Hi! It’s not implemented yet.

    Thread Starter Piotr Kunicki

    (@kuperman87)

    Hi @gioni any news? Is this function available in latest release?

    Thanks,
    Piotr

    Plugin Author gioni

    (@gioni)

    Please stay tuned. It will be implemented soon.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Session management issue’ is closed to new replies.