Session invalidation when changing password #2028
Unanswered
fballiano asked this question in Questions & Answers
Replies: 2 comments
-
In my opinion, old sessions should be invalidated after a password is changed. I think this may be possible without even re-authenticating the customer?
-
I think I read about such an issue not so long ago. It may have even been in a PR. I personally consider that when someone changes the password, the session must end and a new login would be required. I did not analyze it in detail, but this is the first idea that comes to me at the moment for security purposes.
-
Hi everybody, I've received this email:
Do you think it makes sense? Should it be considered a bug?