Remove all user's cookies/sessions when password is reset

Posted by Juraj on Stack Overflow See other posts from Stack Overflow or by Juraj
Published on 2012-11-04T22:57:59Z Indexed on 2012/11/04 22:59 UTC
Read the original article Hit count: 192

Filed under:
|
|

I'm interested in improving security of my TurboGears 2.2 application so that when user changes his password, it logs him out from all sessions and he must login again. When user changes password on browser 1, he must relogin on browser 2, too. Experiments show that this is not the case, especially if browser 2 had "remember me" enabled.

It's standard quickstarted app using repoze.who. It seems maybe I need to change AuthTktCookiePlugin, but don't see a way to do it without much rewiring.

© Stack Overflow or respective owner

Related posts about python

Related posts about turbogears