- **status**: in-progress --> review


---

**[tickets:#8140] After password change, change current session id**

**Status:** review
**Milestone:** unreleased
**Labels:** security 
**Created:** Mon Dec 12, 2016 10:06 PM UTC by Dave Brondsema
**Last Updated:** Mon Dec 12, 2016 10:06 PM UTC
**Owner:** Dave Brondsema


Password changes invalidate all other sessions, but we should also cycle the 
current session's id. This will protect against the possibility of someone 
having intercepted session cookies: once you change your password on the 
current session, their copy of the cookies will no longer work.
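
The behaviour the ticket asks for, as an added sketch that is not part of the ticket and not Allura's code: a hypothetical in-memory `SessionStore` (all names and the sample user are assumptions) compares a password change that keeps the current session id with one that cycles it.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session store: session id -> username."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def change_password(self, current_sid, rotate_current=True):
        """Apply the session side effects of a password change.

        Returns the session id the browser should hold afterwards."""
        user = self._sessions.get(current_sid)
        if user is None:
            raise PermissionError("not logged in")
        # Behaviour the ticket says already exists: drop all *other* sessions.
        for sid in [s for s, u in self._sessions.items()
                    if u == user and s != current_sid]:
            del self._sessions[sid]
        if not rotate_current:
            return current_sid
        # Behaviour the ticket proposes: issue a fresh id, retire the old one.
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = user
        del self._sessions[current_sid]
        return new_sid


def demo(rotate_current):
    store = SessionStore()
    browser_cookie = store.login("alice")      # constructed sample user
    other_device = store.login("alice")        # a second, separate session
    copied_cookie = browser_cookie             # copy of the current cookie held elsewhere
    browser_cookie = store.change_password(browser_cookie, rotate_current)
    return {name: store.user_for(sid) for name, sid in
            [("browser", browser_cookie), ("other_device", other_device),
             ("copied_cookie", copied_cookie)]}


if __name__ == "__main__":
    print("without rotation:", demo(False))
    print("with rotation:   ", demo(True))
```

Without rotation the copied cookie still resolves to the user after the password change; with rotation only the browser that received the new id stays logged in.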

