No session termination on password change?

saifudeen · ‎04-12-2017

Steps to create the scenario.

1. Login to Desktop version using existing credentials.
2. Do password reset on your mobile app account and login to mobile version with new credentials.
3. Upload some files / photos to Dropbox Mob App.
4. It will still sync the photos to the desktop version which I have not updated the latest password.

Though there is an option to unlink the devices manually, shouldn't it terminate all other existing sessions with a password reset for security reasons?

Rich · ‎04-12-2017

saifudeen wrote:

Though there is an option to unlink the devices manually, shouldn't it terminate all other existing sessions with a password reset for security reasons?

No, it shouldn't. Your password is only used to link the computer to your account. After that link is established, a secure token is used for authentication. Changing your password has no affect on the token, by design. To stop a device from syncing with your account, you need to unlink it.

saifudeen · ‎04-12-2017

That's not a solution. I am changing my dropbox account password - which meant to terminate the other sessions automatically, so the devices which has my old passwords will not sync.

Currently I need to manually revoke the access of all the devices linked. If this is your design, its a flaw.

Rich · ‎04-12-2017

saifudeen wrote:
That's not a solution.

Unlinking the devices is the solution.

I am changing my dropbox account password - which meant to terminate the other sessions automatically, so the devices which has my old passwords will not sync.

But that's not what changing your password is meant to do. That's what you want it to do, but that's not what it does or what it's meant to do. Your password is only used to link new devices and to log in to the website. Your password has nothing to do with the syncing operation of connected devices. It's not even used for syncing.

Currently I need to manually revoke the access of all the devices linked. If this is your design, its a flaw.

This is how it's meant to operate. As such, it's not a flaw. And it's not my design; it's Dropbox's.

saifudeen · ‎04-12-2017

Hey Bro,

I mistook you're dropboxer - apologies!

I reached out their support service directly and it's under tech team review. Shall update here as well when I hear from them.

Good day.

Saif

Ed · ‎04-24-2017

[This thread is now closed. If you have a similar or new question, you can ask here: https://www.dropboxforum.com/t5/forums/postpage/category-id/101001000]

Ed G
Community Manager @ Dropbox
https://dropbox.com/support

Did this post help you? If so please mark it for some Kudos below.
Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Still stuck? Ask me a question! (Questions asked in the community will likely receive an answer within 4 hours!)

No session termination on password change?

No session termination on password change?

Re: No session termination on password change?

Re: No session termination on password change?

Re: No session termination on password change?

Re: No session termination on password change?

Re: No session termination on password change?

Work Smarter with Dropbox

Top contributors to this post