We have an app where we require users to change there HTTP passwords.
If we use code to change the password direct in the NAB the user will remain logged in for a small amount of time then they will be asked for authentication.
If we use the domino special forms and set the domcfg.nsf the old and the new password can be used and the user remains logged in. This is great unless the user believes their password has been compromised. In which case you wouldn’t want the old password to remain available. If we change the notes ini settings for the HTTP_PWD_CHANGE_CACHE_HOURS to 0 we are back to the problems above.
One option we looked at was to instantly logout the user, and ask them to re-authenticate after the password change. However the new password does not work for a period of time while domino updates caches.
We have even tried to issue console commands to speed up this re-caching but still the password is not available:-
//consoleReturn = session.sendConsoleCommand( dbNAB.getServer(), “load updall names.nsf -R” );
//consoleReturn = session.sendConsoleCommand( dbNAB.getServer(), “show nlcache reset” );
//consoleReturn = session.sendConsoleCommand( dbNAB.getServer(), “tell http clearcaches” );
//consoleReturn = session.sendConsoleCommand( dbNAB.getServer(), “tell adminp process all” );
So what I am asking is.
In domino is there a way that a user can change their HTTP password stay authenticated but prevent the old password form working instantly (a tiny delay would be acceptable)
Or alternatively can we force a new password to be instantly available so after a password change we could force authentication.