delete tokens after password change #318

Closed
StringfellowHawke opened this issue Jul 24, 2015 · 4 comments

Comments

@StringfellowHawke

Using the email authentication, if I have 2 sessions on different browsers/devices and I reset my password using 1 of the sessions, my other session is still valid. Wouldn't it be prudent to delete all the existing tokens so all my sessions are killed when the password is changed?

@booleanbetrayal
Collaborator

I think that would break some expected use-cases. I could see token invalidation being a configurable feature though (defaulting to off to retain backwards compatibility). I'll take a look at a PR to that effect.

@booleanbetrayal
Collaborator

Closed via #474

@StringfellowHawke
Author

Thanks @paulosoares86

@phfts
Contributor

phfts commented Dec 19, 2015

You're welcome, @StringfellowHawke 👍
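
The behaviour discussed in this thread, as an added example that is not part of the original issue and not the project's own code: a minimal in-memory model where each client (browser/device) holds its own token, and a password change revokes the other clients' tokens only when an opt-in setting is enabled. The class `Account`, the setting `invalidate_tokens_on_password_change` and the `keep_client` parameter are hypothetical names chosen for illustration.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory account with one token per client (browser/device).
class Account
  class << self
    # Hypothetical setting name; off by default, as proposed in the thread.
    attr_accessor :invalidate_tokens_on_password_change
  end
  self.invalidate_tokens_on_password_change = false

  def initialize(password)
    @tokens = {} # client_id => SHA-256 hex digest of the issued token
    store_password(password)
  end

  # Issue a token for one client; only its digest is kept server-side.
  def sign_in(client_id, password)
    return nil unless OpenSSL.fixed_length_secure_compare(@password_digest, kdf(password))
    token = SecureRandom.urlsafe_base64(32)
    @tokens[client_id] = Digest::SHA256.hexdigest(token)
    token
  end

  def valid_token?(client_id, token)
    stored = @tokens[client_id]
    !stored.nil? && OpenSSL.fixed_length_secure_compare(stored, Digest::SHA256.hexdigest(token.to_s))
  end

  # With the setting on, every token is dropped except the one belonging to
  # keep_client (the session that made the change); nil drops them all.
  def change_password(new_password, keep_client: nil)
    store_password(new_password)
    return unless self.class.invalidate_tokens_on_password_change
    @tokens.select! { |client_id, _digest| client_id == keep_client }
  end

  private

  def store_password(password)
    @salt = SecureRandom.random_bytes(16)
    @password_digest = kdf(password)
  end

  def kdf(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end
```

With the setting left at its default, a token issued to a second device keeps validating after the password changes, which is the situation the issue reports.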
