User expectation – What to do when recovering the password if the device is already logged in?

For example, suppose a user requests password recovery on a computer. Our system then sends an e-mail with a unique link to restore the account.

Note, however, that the user receives this e-mail and opens it on their mobile phone (or other device). He clicks on the link, but is already logged in to this device as another account.

So the naive implementation is that the user gets a password recovery while already logged in, Maybe to another account. This feels embarrassing and not intuitive: but I can not really decide on the right course of action. I see several options and wonder what follows the principle of least astonishment:

  • Should the current behavior be retained and a logged in user be able to change the password for another user?
  • Should the current session be invalid / the user be logged out when the password recovery link is opened?
  • Should the link just "not work" (forbidden error?) When trying to open on a device that a user has already logged in to?

And would this behavior change if the request is for the "same" user? (IE on the other device on which it is already logged in, one asks for a password)?

syslog – constantly – start session 58576 of the user root?

I see that my syslog is constantly being polluted by this kind of news.
how is it done?
Many Thanks

May 23 21:12:26 HOSTNAME systemd[1]: Session 58576 of the user root starts.
May 23 21:12:26 HOSTNAME systemd[1]: Session 58576 of user root started.
May 23 21:12:26 HOSTNAME systemd[1]: Session 58577 of the user root starts.
May 23 21:12:26 HOSTNAME systemd[1]: Session 58577 of user root started.
May 23 21:12:27 HOSTNAME systemd[1]: Session 58578 of the user root starts.
May 23 21:12:27 HOSTNAME systemd[1]: Session 58578 of user root started.

The Ubuntu 18.04 boot will start flashing when the NVIDIA persistence daemon loads and the c3 session of the gdm user starts

I've been using Ubuntu 18.04 for my machine / in-depth learning and have had issues with getting the NVIDIA drivers to work with Ubuntu loading in the past. I have never enabled the graphical login for use with nvidia drivers. So I deactivated it first and logged in on a black screen with my encrypted password. After that, the graphical user interface is loaded and I can log in to my account. I am new to Linux in general and therefore generally only follow the advice I find on this site when I come across a mistake.

Starting this morning, after entering the encryption password, you will have the following startup options:

# Start NVIDIA persistence daemon [OK] Launched the NVIDIA persistence daemon [OK] Launched session c3 of user gdm & # 39;

and then the screen just flashes black and back to the text and repeats this cycle. I tried pressing Alt + F2 to log in this way, but I can type in one letter before blinking and reset myself twice.

Other information:

1) Ubuntu PostgreSQL Cluster @ 10-main and 9.5 main can not boot while booting (I have not seen that before)

2) When last night's shutdown, there was a problem running a stop job (time / unlimited) that I just ignored.

Any suggestions for rectification?

tls – How do ISPs send their own pages when a user tries to access a blocked site?

I know some ISPs send blocked pages (such as "This site was blocked because …") over HTTP by sending a fake 301/230 redirect.

I also know that some ISPs just send RST instead of a blocking page to end the connection or do bad things with DNS when they block an HTTPS site.

But can you send a block page via HTTPS? And if possible, I'd like to know some other methods for blocking websites (both HTTP and HTTPS).