undefined | Better HN

0 pointsgaius8y ago0 comments

To force a reinitialisation of all security contexts. Same reason that many websites make you log in again immediately after changing your password (which interestingly Windows doesn’t)

Historically (Windows 95 and earlier) reboots were required to reload DLLs and so on but that’s not really true anymore. Still a lot of installers and docs say to reboot when it’s not really necessary as a holdover from then

0 comments

lucb1e8y ago

I was under the impression that the reason is what u/beagle3 mentions (in a sibling comment to yours): open system files. I'm curious to see your comment on what he describes, as what you mention (reloading some security context) does not seem to be the whole truth. That websites make one log in again after changing your password has nothing to do with this.

gaiusOP8y ago

That websites make one log in again after changing your password has nothing to do with this.

No it is exactly the same principle: something has changed therefore invalidate all existing contexts. Far less error prone than trying to recompute them, what happens e.g. if a resource has already been accessed in a context that is now denied? Security 101.

lucb1e8y ago

I don't see how changing my password changes a "security context". I don't suddenly get more or fewer permissions.

As for logging other places out, that's a design choice. People change password either because they routinely change theirs (they either need to or choose to), or because of a (suspected) compromise. In the latter case you'll probably want to log everyone else out (though, who says you're logging out the attacker and not the legitimate user?) and in the former case you shouldn't (otherwise changing your password becomes annoying and avoided). The interface for changing the password could have a "log out all sessions" checkbox or it could just be a feature separate from changing your password.

No, it's not as simple as you put it. No need to condescendingly pass it off as "security 101".

j / k navigate · click thread line to collapse

0 pointsgaius8y ago0 comments

To force a reinitialisation of all security contexts. Same reason that many websites make you log in again immediately after changing your password (which interestingly Windows doesn’t)

0 comments

lucb1e8y ago

gaiusOP8y ago

That websites make one log in again after changing your password has nothing to do with this.

lucb1e8y ago

I don't see how changing my password changes a "security context". I don't suddenly get more or fewer permissions.

No, it's not as simple as you put it. No need to condescendingly pass it off as "security 101".

j / k navigate · click thread line to collapse