Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Bug report: when you change user password, all other sessions still opens with previous password

0 votes
101 views
asked Mar 13 in Q2A Core by htabar
Hi There,

I've changed a user password in one of the browsers. This user is still active with previous passwords in other browsers
Q2A version: 1.8

1 Answer

0 votes
answered Mar 17 by Scott
If I understand what you're describing correctly, this is not a bug.

When you say you're still logged in "with previous passwords" that's not really the case. You're not actually using your previous password in the other browser, you're using a session. The session was originally verified with the old password, but it's not using the password now in any way.
commented Mar 17 by htabar
Thanks Scott for the point mentioned. Anyways, I would say, from security stand point it would be better to end other sessions if password is changed or any  other solutions so that other sessions with previous password would be killed.
...