Ability to force website users to sign in
When Remember Me/Keep Me Signed In is enabled for the website, and the user selects the Remember Me/Keep Me Signed In option when signing into the Website, there is nothing that forces them to sign in again if their role has been changed. They can return to the website based on their cookies, even though their role has now been changed (example: from Buyer3 to Buyer1). As a result, they can place an order without approval.
Please implement a function to force website users to sign in again when their role has been changed.
Dung Le
shared this idea
-
Thank you for submitting this request!
I would like to clarify that the enhancement we will be reviewing and accepting feedback on is to require re-authentication automatically after user-role change has been altered for active website user(s) (unrelated to keep me signed in or remember me)
We have added this item to our backlog for future consideration and prioritization.
If this is something urgent please know that an admin console user with proper access could 'Set a New Temporary Password' by following these steps:
1. Accessing Administration-> Users-> Website Users -> Locate User
2. Click the triple dot menu
3. Choose Set Temporary Password which will invalidate the user's current password, set a temporary password and require a password change after they sign in.(Edited by admin)
