Email/password change should not invalidate current session #3034

Closed
bajtos opened this issue Dec 16, 2016 · 1 comment

bajtos commented Dec 16, 2016

In #2693 and #3021, we implemented access-token invalidation when the user changes an email or a password. However, the current code deletes all access tokens, including the token used to make the change password/email request.

IMO, this is a poor user experience; the access token (session) used to make the change should be preserved.

One of the reasons why this was not made in the original pull requests is that we don't have a good solution for getting the current access token. The easiest way forward is to wait for #3023 to land, after which we can use `ctx.options.accessToken` to exclude the current access token from the delete query.
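
The exclusion described in the issue above, as an added example that is not part of the original issue and is not LoopBack's code: an in-memory store where a credential change revokes every token of the affected user except the one that authenticated the request. `TokenStore`, `invalidateSessions`, `demo` and the sample token ids are hypothetical names constructed for illustration.

```javascript
// Added illustration: an in-memory token store, not LoopBack's implementation.
// All names (TokenStore, invalidateSessions, demo) are hypothetical.
class TokenStore {
  constructor() { this.tokens = new Map(); } // token id -> { id, userId }

  issue(id, userId) {
    this.tokens.set(id, { id, userId });
  }

  // Delete every token of `userId` except `keepId` (when given).
  // Returns the ids that were revoked.
  deleteForUser(userId, keepId) {
    const revoked = [];
    for (const [id, tok] of this.tokens) {
      if (tok.userId === userId && id !== keepId) {
        this.tokens.delete(id);
        revoked.push(id);
      }
    }
    return revoked;
  }
}

// Called after an email/password change for `userId`.
// `currentToken` stands in for the token that authenticated the request.
function invalidateSessions(store, userId, currentToken) {
  // Look the token up in the store instead of trusting the caller's copy:
  // it is preserved only if it exists and belongs to the user being changed.
  const stored = currentToken && store.tokens.get(currentToken.id);
  const keepId = stored && stored.userId === userId ? stored.id : undefined;
  return store.deleteForUser(userId, keepId);
}

// Constructed sample data: alice has two sessions, root has one.
function demo() {
  const store = new TokenStore();
  store.issue('laptop', 'alice');
  store.issue('phone', 'alice');
  store.issue('admin-console', 'root');
  // alice changes her own password from the laptop session
  const selfChange = invalidateSessions(store, 'alice', { id: 'laptop', userId: 'alice' });
  store.issue('phone2', 'alice');
  // root changes alice's password: none of alice's sessions is preserved
  const adminChange = invalidateSessions(store, 'alice', { id: 'admin-console', userId: 'root' });
  return { selfChange, adminChange, remaining: [...store.tokens.keys()] };
}
```

When no current token is available, or the token belongs to a different user than the one being changed, the function falls back to revoking all of that user's tokens.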

bajtos commented Jan 25, 2017

Done.

@bajtos bajtos closed this as completed Jan 25, 2017