Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fully authenticated session flag #2915

Closed
robocoder opened this issue Feb 10, 2012 · 1 comment
Closed

Fully authenticated session flag #2915

robocoder opened this issue Feb 10, 2012 · 1 comment
Labels
duplicate For issues that already existed in our issue tracker and were reported previously. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.

Comments

@robocoder
Copy link
Contributor

When a user logs in via the Login form, set a session cookie flag that the user is fully authenticated. Conversely, when a user comes in via a remember me cookie, the flag won't be set again.

In the following scenarios, if the user is not fully authenticated:
@mattab
Copy link
Member

mattab commented Feb 17, 2012

Marking as wont fix/duplicate since I think we should always "Require old password when changing password or email" even if the user just logged in.

Use case: For example, user logs in, leaves computer, attacker changes password 2 minutes later, we should require the old password even if the authenticate cookie would be found.

see #2932

@robocoder robocoder added this to the Future releases milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate For issues that already existed in our issue tracker and were reported previously. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mattab @robocoder