-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clear tokens after changing a password #5
Comments
What about the session that's changing the user's password? Will user be kicked out after a password change? |
i haven't started on this yet. i think it would make sense to provide the user with a new token and the existing ones after they changed their password. what do you think? |
I think remove all tokens and return a new valid one should be good, and the client would be able to decide the behaviour (logging out all clients or keeping the current one in). |
that sounds good to me. |
Definitely interested! I'm new to phoenix & ecto, I'll give it a try :) |
Changing a users password should invalidate all of their tokens.
The text was updated successfully, but these errors were encountered: