Users can still access and delete files after password change

Hi

I have changed password on a group, but app users that are logged in with old password (they have not got the new yet) can still access and delete files.

What do I need to do? I have restarted nextcloud server, but did not help

Cheers
Erik

as a hip shot … the session is still valid …
force a new session (force reconnect user/ group)

brNP

1 Like

Thanks, how do I do this? Can’t find any suggestions in help files

Login with the user and delete all sessions.

https://docs.nextcloud.com/server/latest/user_manual/sv/session_management.html

Well unfortunately, as far as I know, this is the only option. However, if you ask me, it should be possible that an admin can do that for specific groups, users or all users via CLI.

If you are hosting accounts for users with a limited trust level, it definitely makes sense to generally restrict the session lifetime on your instance. (no idea how this affects the desktop sync client)

‘remember_login_cookie_lifetime’ => 1296000,
‘session_lifetime’ => 3600,
‘session_keepalive’ => false,
‘auto_logout’ => true,
1 Like