Board Thread:General Discussion/@comment-294719-20130724192905

Hi all!

So I've been brooding over this for the past few weeks. Wikia is already very secure as wikis go, but being a wiki founder as well as an experienced Wikian, I've been constantly challenging myself over the past few years to find a way to make my wikis safer. So I've come up with the idea for a Session Manager.

Basically, the idea is this: Under the dropdown menu at the top-right of the page, there would be a new entry called "Session Manager." Clicking it would take you to the Session Manager page, where you would be able to view all sessions currently logged into your Wikia account.

Data for each session would include:


 * The IP number for the session The Session ID for the session.
 * The Session ID would be automatically generated the first time someone logs in from a given location.


 * The name of the city where the IP is


 * Whether the person logged into the account has visited another Wikia page in the last 30 minutes


 * The name of the last Wikia wiki the user logged into the session has visited

Next to each session's entry, there would be a check box, and once one mor more of these are ticked, the "Kick" button at the bottom of the page would become active.

Safety features

 * Kicking a session would require the person doing the kicking to type the account's password.


 * The first session to log into a given account would be tagged as the "owner" of the account, and its IP number and other crucial data would be stored remotely on Wikia's servers, so that the owner of the account would be unable to be kicked. The original owner of the account would be able to give owner privileges to up to 4 other sessions.


 * Only users logged into sessions marked as "owner" would be able to kick other users from the account, and owner sessions would never be able to be kicked, even by other owner sessions.


 * Once a user has been kicked, they would not be able to log into the account they were kicked from for the time specified by whoever kicked them.


 * An option would exist for users logged into owner sessions to only allow others to sign into their account when there is at least one owner session active. Anyone trying to login from another session would be unable to do so.


 * To prevent someone from being locked out of their account in this case, there would be a button on the sign-in dropdown to "Reset account ownership status," remvoing data for all sessions marked as "owner" for a given account. Using the password retrieval system would reset ownership status as well.


 * A password would be required to reset ownership status using the button.


 * On the "Forgot password" page, ownership status would only be reset after the user clicks the link in the email.

As you can see, I've been poring over this for quite some time. While I realize it would be difficult to implement, I think the added layer of security would be worth it. Here's hoping someone involved with Wikia notices this thread. Cheers! 