There are actually three questions / issues in the original post of @n0plan:
-
Is steeling a session and log in with it on another browser / computer possible with Nextcloud? (as shown in the video)
Simple answer: Yes, it is.
-
The config.php loses the additional configuration parameters, which should mitigate the risk that someone can use a stolen session token. For this issue OP already created a separate thread: Forum Link: Config.php loosing entries
Not sure why this is happening, but but if someone has any ideas that might help with this, this person can reply in the other thread.
-
A feature to kick / logoff all users
Has been answerd by @ernolf