Remove all user's cookies/sessions when password is reset
Posted by Juraj on Stack Overflow
Published on 2012-11-04T22:57:59Z
I'm interested in improving the security of my TurboGears 2.2 application so that when a user changes his password, it logs him out from all sessions and he must log in again. When a user changes his password on browser 1, he must log in again on browser 2, too. Experiments show that this is not the case, especially if browser 2 had "remember me" enabled.
It's a standard quickstarted app using repoze.who. It seems maybe I need to change AuthTktCookiePlugin, but I don't see a way to do it without much rewiring.
© Stack Overflow or respective owner
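
One way to get the behaviour asked about above, shown as an added stand-alone example (not code from the original post, and not the repoze.who or TurboGears API): sign each login ticket with a key derived from the user's current password hash, so a password change invalidates every ticket issued earlier, "remember me" ones included. The `USERS` store, the `user|issued_at|mac` ticket format and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)  # per-deployment signing key (constructed for the demo)
USERS = {}                      # constructed in-memory store: user -> (salt, password hash)

def set_password(user, password):
    """Store a new salted hash; tickets issued before this call stop validating."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    USERS[user] = (salt, pw_hash)

def _credential_key(user):
    # The signing key depends on the current salt and hash, so it rotates on every change.
    salt, pw_hash = USERS[user]
    return hmac.new(SERVER_SECRET, salt + pw_hash, hashlib.sha256).digest()

def _mac(user, issued):
    msg = f"{user}|{issued}".encode()
    return hmac.new(_credential_key(user), msg, hashlib.sha256).hexdigest()

def issue_ticket(user, now=None):
    """Return 'user|issued_at|mac', suitable as a cookie value."""
    issued = str(int(time.time() if now is None else now))
    return f"{user}|{issued}|{_mac(user, issued)}"

def validate_ticket(ticket, max_age=30 * 24 * 3600, now=None):
    """Return the user id if the ticket is intact, unexpired and signed
    under the user's current password; otherwise return None."""
    try:
        user, issued, mac = ticket.split("|")
        issued_at = int(issued)
    except ValueError:
        return None  # malformed ticket
    if user not in USERS:
        return None
    if not hmac.compare_digest(_mac(user, issued).encode(), mac.encode()):
        return None  # forged, or issued under an earlier password
    current = time.time() if now is None else now
    if issued_at > current or current - issued_at > max_age:
        return None  # issued in the future, or past its lifetime
    return user
```

The check has to run on every request, so it needs a lookup of the user's current hash each time; long-lived "remember me" cookies are rejected by the same MAC comparison as session cookies.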