How to logout user from all active sessions when reset password successful?

Suman Layek asked on April 12, 2023 11:57

I have a requirement to log out the user when he resets his password through the password reset link received in email.

The application does not properly invalidate a user’s session on the server after the user initiates a logout. A user’s session remains active even after the logout is initiated. This allows requests to be sent to the server with the user’s session ID, and the server will successfully process the request as though the user is still logged in. An unauthenticated attacker can steal user sessions to send requests to the server as that user until the cookie times out, allowing the attacker to impersonate the victim.

Please let me know how to achieve this feature in Kentico 12 portal engine.

Recent Answers

Paul Turner answered on December 18, 2023 16:18

I have the same question. Is it possible to reset the existing sessions for one or more users?
