Add a timeout when entering the user password
Submitted by Laurent Bigonville
With the following scenario, a user can see his default session being changed by a 3rd party and this could be confusing for him.
- A "rogue" user is clicking on a user on the list
- He change the session of the user and leave without pressing escape or cancel
- The user arrive in front of his computer
- He sees that his user is already selected and enter his password
- The session selected by the rogue user is not his default session.
I think that adding a sensible timeout between 2) and 3) could mitigate this issue (without completely fixing it of course)
What do you think?