Hi
I have changed password on a group, but app users that are logged in with old password (they have not got the new yet) can still access and delete files.
What do I need to do? I have restarted nextcloud server, but did not help
Cheers
Erik
as a hip shot ā¦ the session is still valid ā¦
force a new session (force reconnect user/ group)
brNP
1 Like
Thanks, how do I do this? Canāt find any suggestions in help files
Login with the user and delete all sessions.
https://docs.nextcloud.com/server/latest/user_manual/sv/session_management.html
Well unfortunately, as far as I know, this is the only option. However, if you ask me, it should be possible that an admin can do that for specific groups, users or all users via CLI.
If you are hosting accounts for users with a limited trust level, it definitely makes sense to generally restrict the session lifetime on your instance. (no idea how this affects the desktop sync client)
āremember_login_cookie_lifetimeā => 1296000,
āsession_lifetimeā => 3600,
āsession_keepaliveā => false,
āauto_logoutā => true,
1 Like