BUG #4239
opendev #4299: [SQA] : Auth module
[SQA] Create New Password: Active sessions remain valid on other devices after password change
Description
Module/Section: Agency → Create New Password
Profile: Agency
Issue Category: Functional
When a user is signed in on multiple browsers or devices, changing the password on one session does not invalidate active sessions on other browsers/devices.
Existing sessions remain authenticated due to valid cookies, even after the password is updated.
Steps to Reproduce
- Sign in to the account on Browser A.
- Sign in to the same account on Browser B.
- On Browser A, change the account password successfully.
- On Browser B, refresh the page or continue using the session.
- Observe the session state on Browser B.
Expected Result
Upon password change, all active sessions on other devices must be invalidated.
Users should be prompted to choose whether to log out from all devices or maintain trusted sessions.
Actual Result
Active sessions on other devices remain authenticated and continue to function with the old session.
Attachments
Impact Area:
Root Cause:
Additional Info
- Tested By: Aman
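
One way to get the expected result described in this ticket, shown as an added example that is not part of the ticket or the project's code: each session records a per-user epoch, a password change bumps the epoch, and validation rejects any cookie whose session carries an older value. `SessionStore`, its method names and the `trusted` flag are hypothetical, and the in-memory dicts stand in for the real server-side session table.

```python
import secrets

class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical names)."""

    def __init__(self):
        self.epoch = {}     # username -> counter bumped on every password change
        self.sessions = {}  # session id -> {"user", "epoch", "trusted"}

    def issue(self, user, trusted=False):
        """Create a session after credentials were verified elsewhere."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "trusted": trusted,
                              "epoch": self.epoch.setdefault(user, 0)}
        return sid

    def validate(self, sid):
        """Return the username for a live session cookie, else None."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        # A session issued before the latest password change carries an
        # older epoch than the account, so it is rejected and discarded.
        if sess["epoch"] != self.epoch[sess["user"]]:
            del self.sessions[sid]
            return None
        return sess["user"]

    def on_password_changed(self, sid, keep_trusted=False):
        """Call after the new password is stored. Returns a fresh session id
        for the device that made the change, or None if `sid` is not live."""
        user = self.validate(sid)
        if user is None:
            return None
        old = self.epoch[user]
        self.epoch[user] = old + 1
        trusted = self.sessions.pop(sid)["trusted"]  # rotate the caller's id
        if keep_trusted:  # the user opted to keep devices marked trusted
            for sess in self.sessions.values():
                # Only sessions that were live until now are carried over.
                if sess["user"] == user and sess["trusted"] and sess["epoch"] == old:
                    sess["epoch"] = old + 1
        return self.issue(user, trusted)
```

With this check in place, Browser B's cookie from the reproduction steps fails `validate` on its next request and the user is sent back to sign-in.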