Dear All, We are using cloud edition. If I save password once it never log out from browser. Please solve this issue at your earliest. I found If I change user name and password also its always connected. Unless logout from that particular browser
this is an issue with your browser as per your set preferences and has got nothing to do with Manager itself.
Please dont misguide people. Dont write anything without understanding the matter. I asked , If you save user name and password in any browser, That credentials save for forever until you logout from that browser. If you change your password in other browser, the previous saved password still working and not asking the new password to login. So I requested here to Mr Lubos please take care about this issue and set idle time for Auto logout options.
it would have been helpful if you had been more specific with the details the first time.
read the below topic.
Do not mean to offend in any way, but I think you may be misunderstanding the situation @sharpdrivetek.
Authentication with Manager is handled via a cookie labelled ‘session’, and it is the presence of this cookie that allows the user to continue logging in without having to re-enter their credentials.
The web server generally controls the expiry of cookies. It is true that the web browser can override this and choose to clear them sooner, but that’s only if you have control of the browser. If it’s another user, that’s not an option.
From what I can tell, it seems that the session cookie for Manager is set to clear when the browser session ends, possibly using a technique like this:
If the browser session is never considered to end properly (that link says that sometimes Google Chrome does this), the user remains logged in forever.
Consider this example:
- New employee given access to Cloud/Server Edition
- New employee gets fired / sacked
- New employee credentials are modified (change username / password)
- New employee can still log in even though they are no longer at the company (according to what @mmi has written … I have not tested this).
I would recommend using a separate login account for each employee, rather than sharing logins (if you do that). When you want to revoke access for a user, completely delete their account. That should prevent them from logging in again.
@ [ShaneAU] You understand exactly what I mean. Your idea is also good,but there is a problem when as a admin you login to any browser from anywhere (that what people do with online software), by mistake or intentionally if you save your credential in that browser how you will handle it ? Anyone can delete or change your admin user. another matter if your employee leaves your company then you need to create new role for new employees. Which is time consuming again to provide exact role of previous employee. Attention Mr Lubos- Please help in this regard.
@mmi to be clear please confirm one thing.
are you saying that after the user credentials have been modified, a user can still login with the old credentials?
if this is the case, had the user ever been signed out of the remote browser or was kept logged in?
if the user had never signed out of the browser, then there is an option to logout remotely. this has been explained in the topic i had linked to earlier.
i understand it is an issue @lubos need to look into if the user can still login with old credentials even after the user was signed out remotely.
you just need to change the login password in this case.