These recommendations are from @jlfranklin:
I think we should start by adding a way to explicitly expire other sessions, with permissions for admins to expire a single user's sessions and for a user to expire their own. If there is a contrib module that already adds a "logout other devices" button, we should consider pulling it into core. If not, it's a simple enough thing to write.
I don't think the right thing to do is to simply delete all sessions on password save. There should be some more administrator control over this. As a starting point, I'll propose this:
- Add a setting to the user or system modules (user.expire_sessions_on_password_change or similar), defaulting to TRUE.
- Add code to conditionally expire sessions on password change.
- Add an "Advanced Security" module that exposes the setting with a description detailing the risk.
- The "Logout other devices" button could be added to the Advanced Security module, too.
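
The behaviour proposed above, sketched as an added example that is not part of the original comment and is not Backdrop core or contrib code. It is a self-contained in-memory model (PHP 8+): the class, its methods and the constructor flag standing in for the proposed setting are all hypothetical names, and the session data is constructed.

```php
<?php
// Added illustration: an in-memory model, not Backdrop code.
// All class, method and setting names here are hypothetical.
final class SessionStore {
  /** @var array<string,int> session id => user id (constructed sample data) */
  private array $sessions = [];

  // The flag models the proposed setting, which defaults to TRUE.
  public function __construct(private bool $expireOnPasswordChange = TRUE) {}

  public function open(int $uid): string {
    $sid = bin2hex(random_bytes(16));
    $this->sessions[$sid] = $uid;
    return $sid;
  }

  /** Remove every session of $uid except $keepSid; returns the number removed. */
  public function expireOthers(int $uid, ?string $keepSid = NULL): int {
    $before = count($this->sessions);
    $this->sessions = array_filter(
      $this->sessions,
      fn(int $owner, string $sid) => $owner !== $uid || $sid === $keepSid,
      ARRAY_FILTER_USE_BOTH
    );
    return $before - count($this->sessions);
  }

  /** Explicit "log out other devices": the account owner or an admin only. */
  public function requestExpiry(int $actorUid, bool $actorIsAdmin, int $targetUid, ?string $keepSid = NULL): int {
    if ($actorUid !== $targetUid && !$actorIsAdmin) {
      throw new RuntimeException("Not permitted to expire another user's sessions.");
    }
    // An admin acting on someone else has no session of that user to keep.
    return $this->expireOthers($targetUid, $actorUid === $targetUid ? $keepSid : NULL);
  }

  /** Called after a password change; does nothing when the setting is off. */
  public function onPasswordChange(int $uid, string $currentSid): int {
    return $this->expireOnPasswordChange ? $this->expireOthers($uid, $currentSid) : 0;
  }

  public function count(int $uid): int {
    return count(array_keys($this->sessions, $uid, TRUE));
  }
}

$store  = new SessionStore();   // setting left at its default
$laptop = $store->open(7);      // session that performs the password change
$store->open(7);                // same user, second device
$store->open(8);                // unrelated user, must be left alone
printf("removed=%d\n", $store->onPasswordChange(7, $laptop));
printf("uid7=%d uid8=%d\n", $store->count(7), $store->count(8));
```

The session that performs the password change is kept so the user is not logged out of the device they are working on, while an admin-initiated expiry passes no session to keep.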