Uploaded image for project: 'Webservices REST Module'
  1. Webservices REST Module
  2. RESTWS-844

User sessions authenticated with old password should be invalidated

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Code Review (Initial)
    • Priority: Should
    • Resolution: Unresolved
    • Affects Version/s: 2.31.0
    • Fix Version/s: 2.34.0
    • Component/s: None
    • Labels:
      None
    • Complexity:
      M

      Description

      Description

      When a user's password is changed by the administrator or by the user oneself, then all the other active HTTP sessions are invalidated. This is to protect against scenario where the user thinks that his/her password may have been compromised.

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              petmongrels Vivek Singh
              Reporter:
              petmongrels Vivek Singh
              Designated Committer:
              Daniel Kayiwa Daniel Kayiwa
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: