Sessions Not Invalidated on Password Change

Created on 2 October 2024, about 2 months ago

Problem/Motivation

I am experiencing an issue with the Session Invalidator module. When a user changes their password while logged in, the session remains active in other browsers/devices, rather than being invalidated as expected. Ideally, upon a password change, all active sessions for that user should be destroyed, ensuring they need to re-login with the new password.

Steps to reproduce

1. Log in to the website on two different browsers.
2. Change the password using one browser.
3. Observe that the other browser remains logged in.

Expected Behavior

Upon changing the password, all existing sessions across all browsers should be invalidated, and the user should be required to log in again with the new credentials.

Actual Behavior

The session on the other browser remains active even after the password has been changed.

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇮🇳India Jay Jangid
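
The reproduction steps above, modelled as an added example (not code from the Session Invalidator module or from Drupal): a hypothetical in-memory `AuthService` whose `invalidate_on_password_change` flag switches between the reported behaviour and the expected one. All names and credentials are constructed; the per-user generation counter is one assumed way to reject a stale session even if its deletion was missed.

```python
import hashlib, hmac, os, secrets

class AuthService:
    """Hypothetical in-memory auth service used only to model the report."""
    def __init__(self, invalidate_on_password_change=True):
        self.invalidate = invalidate_on_password_change
        self.users = {}     # name -> {"salt", "hash", "gen"}
        self.sessions = {}  # token -> (name, credential generation at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": self._hash(password, salt), "gen": 0}

    def login(self, name, password):
        user = self.users.get(name)
        if not user or not hmac.compare_digest(user["hash"], self._hash(password, user["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, user["gen"])
        return token

    def current_user(self, token):
        name, gen = self.sessions.get(token, (None, None))
        # Reject sessions issued under an older credential generation.
        if name is None or (self.invalidate and gen != self.users[name]["gen"]):
            self.sessions.pop(token, None)
            return None
        return name

    def change_password(self, token, new_password):
        name = self.current_user(token)
        if name is None:
            raise PermissionError("not logged in")
        salt = os.urandom(16)
        self.users[name].update(salt=salt, hash=self._hash(new_password, salt))
        if self.invalidate:
            self.users[name]["gen"] += 1  # marks every earlier session as stale
            self.sessions = {t: s for t, s in self.sessions.items() if s[0] != name}

def reproduce(invalidate):
    svc = AuthService(invalidate)
    svc.register("alice", "old-pass")  # constructed sample account
    a, b = svc.login("alice", "old-pass"), svc.login("alice", "old-pass")  # two browsers
    svc.change_password(a, "new-pass")
    return svc.current_user(a), svc.current_user(b)
```

`reproduce(False)` leaves both sessions valid, matching the Actual Behavior section; `reproduce(True)` logs out both browsers, matching the Expected Behavior section.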
