Story #41

open

Epic #40: Failure to Invalidate Session After Password Change

Invalidate All Active Sessions After Password Change

Added by rashmita rout about 2 months ago. Updated about 2 months ago.

Status: New
Priority: Medium
Assignee:
Target version: -
Start date: 01/05/2026
Due date:
% Done: 0%
Estimated time:
Acceptance Criteria:

All active sessions for the user are invalidated immediately

Server-side session data is destroyed

JWT / session tokens issued before password change become unusable

Re-authentication required for all devices

No active session remains after password update

DOR: No
Story Points:
Work Type: Feature
User Impact:
Technical Area:
Release Narrative:
Planned Sprint:
Completed In Sprint:
Spillover Reason:

Description

As a system, I want to destroy all active sessions associated with a user account when the password is changed so that old credentials cannot be used to access the system.
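
One way to meet the acceptance criteria above, shown as an added example that is not code from this project: server-side sessions are deleted on password change, and stateless tokens carry a per-user credential generation that the change increments. The in-memory stores, the `gen` claim, the simplified HMAC-signed token (standing in for a JWT) and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
USERS = {}      # user -> {"salt", "pw", "gen"}; gen = credential generation
SESSIONS = {}   # session id -> user (server-side session store)

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def set_password(user, pw):
    """Create or change a password, revoking every existing session and token."""
    salt = secrets.token_bytes(16)
    gen = USERS.get(user, {"gen": 0})["gen"] + 1   # older tokens carry a stale gen
    USERS[user] = {"salt": salt, "pw": _hash(pw, salt), "gen": gen}
    for sid in [s for s, u in SESSIONS.items() if u == user]:
        del SESSIONS[sid]                          # destroy server-side session data

def login(user, pw):
    """Return (session_id, token) for one device, or None on bad credentials."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], _hash(pw, rec["salt"])):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    claims = json.dumps({"sub": user, "gen": rec["gen"]}).encode()
    body = base64.urlsafe_b64encode(claims)
    return sid, (body + b"." + _sign(body)).decode()

def session_valid(sid):
    return sid in SESSIONS

def token_valid(token):
    """Signature must verify and the token's gen must match the current one."""
    body, _, sig = token.encode().partition(b".")
    if not hmac.compare_digest(sig, _sign(body)):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    rec = USERS.get(claims["sub"])
    return rec is not None and claims["gen"] == rec["gen"]
```

The generation check has to run on every request that accepts a token, otherwise a token issued before the change stays usable until it expires.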
