Andrew Daviel-3 wrote: > > > We had a user account compromised somehow (bad guys got the password). > > The user has changed their password. > How can I kick off any logged-in sessions and make sure they can't login > without knowing the new password ? > Spammer will be kicked out, if he or she tries to open any page with imap authentication. Left folder listing, mailbox listing, message display or sending message and saving it in Sent folder will destroy session. If you want to be sure, find old PHP session files with compromised username and delete them. -- Tomas -- View this message in context: http://old.nabble.com/Forcing-a-logout-%28invalidating-current-session%29-tp26134755p26135494.html Sent from the squirrelmail-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
