We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

web user can stay logged in if password is changed

    • 21111
    • 2 Posts
    neilc Reply #1, 16 years, 4 months ago
    I’ve created a simple blog using modx - if I log into a web user account (which has an associated user/document group) in more than one place at the same time, then change the password in one place then the other user can still access stuff and post comments etc... I would have expected at the very least the other user to be logged out.

    I am unsure whether this is a bug with modx or my incorrect usage of the web users (though I cannot see anything obviously wrong). Is there an option to only allow a user to be logged in one location at a time?

    If you need any more information about my setup please ask.

    Thanks

    • opengeek Reply #2, 16 years, 4 months ago
      User permissions are stored in session and cleared only when that session ends.
        Jason Coward
        Chief Architect @ MODX
        http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
        • 21111
        • 2 Posts
        neilc Reply #3, 16 years, 4 months ago
        So is there any way of limiting only one instance of a web user login at any one time?
        • sottwell Reply #4, 16 years, 4 months ago
          It might be possible using the active_users table. Maybe a plugin, using the onBeforeWebLogin event. The plugin would check the username to see if it’s already in use.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org