[ENH] User Profile Option To Force Log Out All Instances

Question

[ENH] User Profile Option To Force Log Out All Instances

Closed this issue 3 months ago · 10 comments

thabaum commented 4 months ago

Describe the enhancement

Ability to choose to log out of all logged in instances to force re-logging in from account profile.

Answer 1 · 2024-09-20T16:10:42.000Z

@thabaum you will need to provide more details as I do not understand what you are requesting

Answer 2 · 2024-09-20T16:30:54.000Z

For example, you have been logged in on multiple devices. A way to log them all out simultaneous to ensure they have to all re-sign-in.

Answer 3 · 2024-09-20T16:32:04.000Z

Multiple browsers would test this functionality. as in log into a site with firefox then same username with edge. Log out of one should just log that one out. But if you share that info or feel you have been compromised you might feel the need to ensure all instances of that user being signed in get signed out.

Answer 4 · 2024-09-20T16:33:34.000Z

With the recent enhancements in 5.2.2, if you change your password and Save a new SecurityStamp will be generated which will result in your account being signed out everywhere. So what you are asking for is a button to do the same thing without having to change your password.

Answer 5 · 2024-09-20T17:14:18.000Z

Correct, in security section of your profile generally there is a button to force logout similar to the password reset functionality you described.

Answer 6 · 2024-09-20T17:18:44.000Z

Also, there is usually a notification of anyone logging in from a new device/browser. This helps monitor when/who/where a login may have happened. Remember this device type of feature, probably more associated with 2FA.

This is another feature request possibly if anything so try to keep to just logging out all instances to ensure that if you had logged in on another device somewhere, you can log it out.

Answer 7 · 2024-09-20T17:20:54.000Z

,NET Identity does not keep track of past devices, etc.. used during login

Answer 8 · 2024-09-20T17:26:29.000Z

Can we just put a message in the user notifications "login successful at this IP" and a dev can enhance that to GEOIP WHO IS location information as a thought. Again a second enhancement request that does not need to be this one. The core function of just logging out all instances would be a great first step.

Answer 9 · 2024-09-20T19:21:29.000Z

Added a Logout Anywhere button to the User Profile:

Also added IP Address to logging for Login:

Answer 10 · 2024-09-20T19:52:30.000Z

rock and roll! thanks @sbwalker that should help keep our sites/apps even more secure!