Blog Sections Open
Logging Out All Web Users After a Security Event
An operational note on forcing all web users to sign in again when a site experiences a security issue or a session reset is needed.
Evolution CMS includes manager tools for clearing locks, but a different kind of maintenance question appears after incidents and critical updates: how do you force all website users to sign in again?
Why you might need this
- a compromised account or leaked session data
- a password policy reset
- a login flow update
- moving a site to a different authentication strategy
What “log everyone out” really means
For web users, logout usually means invalidating the session state that keeps them authenticated. Depending on the stack, that can involve:
- clearing server-side session storage
- rotating a session secret or cookie key
- removing persistent remember-me tokens
- forcing the login snippet or package to reject old sessions
If login is built with FormLister
FormLister may handle the login form, but the important part is still the underlying web-user session. The exact reset method depends on how the project stores login state.
Recommended operational approach
- identify where web-user sessions are stored
- invalidate or purge active sessions
- clear application cache if the login flow caches user-specific output
- notify users if they need to sign in again
There is no one-button universal “logout every web user” tool in every project, but the goal is clear: invalidate the active session layer, not just the content cache.
Getting URLs for All Child Resources Inside a Container
Generate a full list of child resource URLs in Evolution CMS, including unpublished descendants when you need them.
Fixing templatealias SQL Errors After Updating from Evolution 1.4.5 to 2.0.2
How to understand and fix templatealias SQL errors after moving from Evolution 1.4.5 to 2.0.2.