User session security
Whenever a change in user profile occurs, the user must be signed out from all sessions.
If user profile changes are not managed effectively, external attackers may be able to abuse user sessions and cookies through the web application or introduce other vulnerabilities into the system.
Application users can be classified as follows:
- Locally managed users
- Non-local (LDAP-managed) users

Session behavior depends on the environment:
- Single rack environment
  - In a single rack environment, the passwords of local users are managed on the rack itself. Therefore, updating the password of a local user also results in all of that user's sessions (including the current session) being signed out. Because the passwords of LDAP users are managed outside the application, the application might not sign out user sessions when an LDAP password changes.
- Multi rack environment
  - In a multi rack environment, local user accounts are less likely to be used; however, the behavior of local account sessions is the same as in a single rack environment. A local account that exists on one rack does not necessarily exist on the paired racks. For an LDAP user in a multi rack environment, changes to the user profile are not immediately reflected on the other paired racks.
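The following is an added example, not code from the page or the product it describes, of a session store that enforces the rule above: every profile change the application applies signs the user out of all sessions, the caller's own included. It also models the LDAP caveat, where a password changed on the directory is invisible to the store until a hypothetical `reconcile_ldap` check (an assumption of this example) compares the directory's password-change timestamp with the last one the application observed.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    source: str                # "local" or "ldap"
    generation: int = 0        # bumped on every profile change the application sees
    seen_pwd_changed: int = 0  # constructed: last directory password-change time observed

@dataclass
class Session:
    user: str
    generation: int            # the user's generation when the session was issued
    token: str = field(default_factory=lambda: secrets.token_urlsafe(24))

class SessionStore:
    def __init__(self):
        self.users = {}        # name -> User
        self.sessions = {}     # token -> Session

    def login(self, name):
        s = Session(name, self.users[name].generation)
        self.sessions[s.token] = s
        return s.token

    def is_valid(self, token):
        # Valid only if no profile change was applied after the session was issued.
        s = self.sessions.get(token)
        return s is not None and s.generation == self.users[s.user].generation

    def profile_changed(self, name):
        # Any profile change the application applies signs the user out of every
        # session, the caller's own included. Returns how many were dropped.
        self.users[name].generation += 1
        stale = [t for t, s in self.sessions.items() if s.user == name]
        for t in stale:
            del self.sessions[t]
        return len(stale)

    def reconcile_ldap(self, name, directory_pwd_changed):
        # LDAP passwords change outside the application, so the store never sees
        # them. Hypothetical mitigation: treat a newer directory password-change
        # timestamp than the last one observed as a profile change.
        u = self.users[name]
        if u.source != "ldap" or directory_pwd_changed <= u.seen_pwd_changed:
            return False
        u.seen_pwd_changed = directory_pwd_changed
        self.profile_changed(name)
        return True
```

Without the reconcile step, the LDAP user's old sessions stay valid after the directory password changes, which is exactly the gap the text describes.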