BUG #4239
opendev #4299: [SQA] : Auth module
[SQA] Create New Password: Active sessions remain valid on other devices after password change
Description
Module/Section: Agency → Create New Password
Profile: Agency
Issue Category: Functional
When a user is signed in on multiple browsers or devices, changing the password on one session does not invalidate active sessions on other browsers/devices.
Existing sessions remain authenticated due to valid cookies, even after the password is updated.
Steps to Reproduce
- Sign in to the account on Browser A.
- Sign in to the same account on Browser B.
- On Browser A, change the account password successfully.
- On Browser B, refresh the page or continue using the session.
- Observe the session state on Browser B.
Expected Result
Upon password change, all active sessions on other devices must be invalidated.
Users should be prompted to choose whether to log out from all devices or maintain trusted sessions.
Actual Result
Active sessions on other devices remain authenticated and continue to function with the old session.
Attachments
Impact Area:
Root Cause:
Additional Info
- Tested By: Aman
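
One way to get the behaviour in Expected Result, shown as an added example that is not code from this project: each session records the credential version it was issued under, and a password change bumps that version so older cookies stop validating. The class, field names and the `keep_devices` option are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthService:
    def __init__(self):
        self.users = {}     # hypothetical user table: name -> {"salt", "hash", "ver"}
        self.sessions = {}  # hypothetical session table: id -> {"user", "device", "ver"}

    def set_password(self, user, password):
        salt = os.urandom(16)
        ver = self.users.get(user, {}).get("ver", 0) + 1
        self.users[user] = {"salt": salt, "hash": _kdf(password, salt), "ver": ver}

    def verify(self, user, password):
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(rec["hash"], _kdf(password, rec["salt"]))

    def login(self, user, password, device):
        if not self.verify(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "device": device, "ver": self.users[user]["ver"]}
        return sid

    def validate(self, sid):
        # A session issued under an older credential version is rejected and dropped.
        s = self.sessions.get(sid)
        if s is None or s["ver"] != self.users[s["user"]]["ver"]:
            self.sessions.pop(sid, None)
            return None
        return s["user"]

    def change_password(self, sid, old, new, keep_devices=()):
        user = self.validate(sid)
        if user is None or not self.verify(user, old):
            return None
        device = self.sessions.pop(sid)["device"]
        self.set_password(user, new)  # bumps "ver": every older session is now stale
        for s in self.sessions.values():
            if s["user"] == user and s["device"] in keep_devices:
                s["ver"] = self.users[user]["ver"]  # session the user chose to keep
        return self.login(user, new, device)  # fresh id for the initiating browser
```

With this check on every request, Browser B in the steps above is rejected on its next page load, and the browser that changed the password continues under a new session id.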
Updated by Al Arafat Siddique 2 months ago
- Assignee changed from Ayat Rahman to Al Arafat Siddique
- Parent task set to #4242
Updated by Al Arafat Siddique 2 months ago
- Parent task changed from #4242 to #4244
Updated by Al Arafat Siddique about 2 months ago
- Assignee changed from Al Arafat Siddique to Aman Bhuiyan
Updated by Ayat Rahman about 1 month ago
- Parent task changed from #4244 to #4299
Updated by Aman Bhuiyan 15 days ago
- Assignee changed from Aman Bhuiyan to Ayat Rahman