Tribhuwan Phulera created GUACAMOLE-1994:
--------------------------------------------
Summary: Break User Session in case userid is disabled by Admin
Key: GUACAMOLE-1994
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1994
Project: Guacamole
Issue Type: New Feature
Components: guacamole
Affects Versions: 1.5.5
Reporter: Tribhuwan Phulera

Hi Team,
I encountered a situation where a user's ID and password were compromised. Upon
identifying the issue, I attempted to prevent further incidents by navigating
to the Users section and checking the "Login Disabled" option. I also deleted
the active session of the compromised user from the Active Session tab, but the
sessions continued to be created repeatedly. Ultimately, I had to restart the
Tomcat server to completely prevent that user from accessing the system, and it
asks to log in again after the Tomcat server restart.

This experience has led me to propose an improvement for the "Login Disabled"
flag or the implementation of a different feature that allows us to log out a
user’s current session immediately to address such scenarios effectively.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)