Vés al contingut principal

Configuració de les galetes

Fem servir galetes per assegurar les funcionalitats bàsiques del lloc web i per a millorar la teva experiència en línia. Pots configurar i acceptar l'ús de galetes, i modificar les teves opcions de consentiment en qualsevol moment.

Essencials

Preferències

Analítiques i estadístiques

Màrqueting

Impersonate user session ending gains admin access

Avatar: AH
AH
The impersonate user session is being used in the towns that we know to provide manual verification at a physical location to a user. A town official will enter the person's details to the impersonation form and then give the computer to the person. This works fine but one potential security issue it brings up is that when the session is ended from the top bar, the current user will gain back the rights to the impersonator's user account. This would be a problem if the impersonator is not closely following what the user is doing on the computer. Many times they are closely following or even assisting the user because this types of users generally have some issues working with the digital systems. I would suggest that after the impersonation session is ended, the user would be asked to enter their password again. This would make it impossible for the impersonation user to gain access to or see something they should not have access to. I wasn't sure if this is on purpose working as it works now, so I decided to post this as a feature proposal. However, this could potentially lead to some problems when there is a higher number of people.
Comentari

Confirmar

Si us plau, inicia la sessió

La contrasenya és massa curta.

Compartir