Bug: Session doesn't invalidate when password is changed

[wdhdev]

What happened?

When you change your Zipline account password, existing sessions do not get invalidated, and they stay signed in. This can be a security risk if your account got hacked.

Version

latest (ghcr.io/diced/zipline or ghcr.io/diced/zipline:latest)

What browser(s) are you seeing the problem on?

Firefox, Chromium-based (Chrome, Edge, Brave, Opera, mobile chrome/chromium based, etc)

Zipline Logs

No response

Browser Logs

No response

Additional Info

No response

[diced]

hm, this seems like a big issue.. I think it might be fixed in v4 but for the most part I probably wont add a fix for this in v3 (i guess try to not let other people use your account 😅)

[wdhdev]

Sounds good. Also, I probably should've reported this using the security advisories feature but I didn't see that before, my bad.