Clear tokens after changing a password #5

Open
manukall opened this issue Apr 25, 2015 · 5 comments

@manukall
Owner

Changing a user's password should invalidate all of their tokens.

@LeeroyDing
Contributor

What about the session that's changing the user's password? Will the user be kicked out after a password change?

@manukall
Owner Author

I haven't started on this yet. I think it would make sense to provide the user with a new token and the existing ones after they changed their password. What do you think?

@LeeroyDing
Contributor

I think removing all tokens and returning a new valid one should be good, and the client would be able to decide the behaviour (logging out all clients or keeping the current one in).

@manukall
Owner Author

That sounds good to me.
Did you want to work on that? 😉

@LeeroyDing
Contributor

Definitely interested! I'm new to Phoenix & Ecto, I'll give it a try :)
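
The behaviour agreed in this thread (remove all of the user's tokens and return one new valid token), as an added example that is not part of the issue or the project's code. It is a Python/sqlite3 model; the table names, function names, digest-only token storage and the pre-hashed password argument are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3


def _digest(token):
    # Only a SHA-256 digest is stored, so a leaked tokens table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL)")
    db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, user_id INTEGER NOT NULL)")
    return db


def _insert_token(db, user_id):
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO tokens (digest, user_id) VALUES (?, ?)", (_digest(token), user_id))
    return token


def login(db, user_id):
    with db:  # commit the new token on success
        return _insert_token(db, user_id)


def user_for_token(db, token):
    row = db.execute("SELECT user_id FROM tokens WHERE digest = ?", (_digest(token),)).fetchone()
    return row[0] if row else None


def change_password(db, user_id, new_password_hash):
    # One transaction: revoke every token, store the new hash, issue the replacement.
    # If any step fails, the rollback leaves the old password and old tokens in place.
    with db:
        db.execute("DELETE FROM tokens WHERE user_id = ?", (user_id,))
        db.execute("UPDATE users SET password_hash = ? WHERE id = ?", (new_password_hash, user_id))
        return _insert_token(db, user_id)


if __name__ == "__main__":
    db = open_store()
    with db:  # constructed sample user; the hash value is a placeholder
        db.execute("INSERT INTO users VALUES (1, 'constructed-old-hash')")
    phone, laptop = login(db, 1), login(db, 1)
    current = change_password(db, 1, "constructed-new-hash")
    print([user_for_token(db, t) for t in (phone, laptop, current)])
```

The client that changed the password receives the returned token and can keep its session; every other client holds a revoked token and has to log in again.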
