[
https://issues.apache.org/jira/browse/GUACAMOLE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17890915#comment-17890915
]
Nick Couchman commented on GUACAMOLE-1994:
------------------------------------------
[~phuleratribhuwan]: Could you please test with 1.6.0? GUACAMOLE-1723
introduced changes that help enforce access restrictions for logged-in users,
so I'm wondering if it also takes care of the issue you're seeing?
If it isn't resolved with that one, I think this is a perfectly reasonable
request.
> Disabling logins should invalidate current authentication tokens
> ----------------------------------------------------------------
>
> Key: GUACAMOLE-1994
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1994
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Affects Versions: 1.5.5
> Reporter: Tribhuwan Phulera
> Priority: Minor
>
> Hi Team,
> I encountered a situation where a user's ID and password were compromised.
> Upon identifying the issue, I attempted to prevent further incidents by
> navigating to the Users section and checking the "Login Disabled" option. I
> also deleted the active session of the compromised user from the Active
> Session tab, but the sessions continued to be created repeatedly. Ultimately,
> I had to restart the Tomcat server to completely prevent that user from
> accessing the system, and it asks to log in again after the Tomcat server restart.
> This experience has led me to propose an improvement for the "Login Disabled"
> flag or the implementation of a different feature that allows us to log out a
> user’s current session immediately to address such scenarios effectively.