---
**[tickets:#8140] After password change, change current session id**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** security
**Created:** Mon Dec 12, 2016 10:06 PM UTC by Dave Brondsema
**Last Updated:** Mon Dec 12, 2016 10:06 PM UTC
**Owner:** Dave Brondsema
Password changes invalidate all other sessions, but we should also cycle the
current session's id. This will protect against the possibility of someone
intercepting session cookies: when you then change your password on the current
session, their copy of the cookies will no longer work.
---
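A sketch of the behaviour the ticket asks for, added here as an illustration and not taken from Allura's code: on a password change the other sessions are dropped and the current session is moved to a fresh id, so a copied cookie value stops resolving. `SessionStore`, `change_password`, `update_credential` and the sample user are hypothetical names for this example.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": ..., "data": {...}}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "data": {}}
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)

    def invalidate_others(self, user, keep_sid):
        stale = [s for s, rec in self._sessions.items()
                 if rec["user"] == user and s != keep_sid]
        for s in stale:
            del self._sessions[s]

    def rotate(self, old_sid):
        """Move the session record to a fresh id; the old id stops resolving."""
        record = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = record
        return new_sid


def change_password(store, sid, update_credential):
    """Apply the change, then return the new id to set in the response cookie."""
    record = store.lookup(sid)
    if record is None:
        raise PermissionError("not logged in")
    update_credential(record["user"])  # assumed callback that stores the new credential
    store.invalidate_others(record["user"], keep_sid=sid)
    return store.rotate(sid)


def demo():
    store, updated = SessionStore(), []
    current = store.create("alice")   # constructed sample sessions
    other = store.create("alice")
    copied_cookie = current           # constructed: a copy of the current cookie value
    new_sid = change_password(store, current, updated.append)
    return {"other": store.lookup(other), "copied": store.lookup(copied_cookie),
            "current_user": store.lookup(new_sid)["user"], "updated": updated,
            "id_changed": new_sid != current}
```

The caller has to send the returned id back as the session cookie in the same response, otherwise the legitimate user is logged out along with everyone else.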