Security Suggestions For Discourse Logged Out Popups

On multiple forums, both Discourse hosted and self-hosted (outdated version), I am consistently receiving the popup saying, “You were logged out.” However, I have no details as to why I was logged out, and no moderation has been active in the past few days. I assume my password has been leaked, but I can’t be sure. I think that when you get the popup saying, “You were logged out,” it should include who logged you out along with if they were on your account, giving you the device location and recording an undeletable log accessible from the user’s profile with their IP address. This way, it is easier to tell why you are logged out and whether or not you were hacked.

4 Likes

Could you please elaborate on this statement?

1 Like

An admin is able to log out any user by going to their Preferences - Security tab and clicking ‘log out all’ or by selecting a specific device from this user and selecting the log out option.

I don’t think it’s a good idea (nor legal) to leak the admin’s IP address to the user,

but it would certainly be good if the user knew it was an admin who logged them out, or if it was someone who compromised their account.

It’s basically answering the “what happened??” question raised by the popup.

2 Likes

Yes, definitely. I was unclear, but what I meant was that if someone who is logged into your account logs you out, it will give you their IP address (or location). If the location is shown as unknown or as a place that could not possibly be anyone you know, you will know your password was leaked or your account was compromised. If it’s the same location as you are and isn’t a major city, that can tell you it’s someone you know and you need to be more careful in making sure they don’t get access to your passwords. That might not be the best idea, but at least something telling why you were logged out/who logged you out would be helpful.