by dlubarov 3404 days ago
It's good practice to destroy all sessions (besides the current one) when a password is changed, since a password change suggests that the old password may have been compromised. Not sure how many websites do that in practice, though.
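
A minimal sketch of the practice described in the comment above, added here as an illustration and not part of the original thread: on a password change, every session belonging to that user is revoked except the one that made the change. The `SessionStore` class, its method names and the in-memory dicts standing in for a server-side session table are all hypothetical.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self):
        self._pw = {}        # user -> (salt, password hash)
        self._sessions = {}  # session token -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        # Unknown users get a dummy record so the hash is still computed.
        salt, stored = self._pw.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def user_for(self, token):
        return self._sessions.get(token)

    def change_password(self, token, new_password):
        """Set a new password, then revoke the user's other sessions.

        Returns the number of sessions revoked, or None when the
        request does not come from a live session.
        """
        user = self._sessions.get(token)
        if user is None:
            return None
        self.set_password(user, new_password)
        # Sessions opened with the old password are no longer trusted;
        # only the session that performed the change survives.
        stale = [t for t, u in self._sessions.items()
                 if u == user and t != token]
        for t in stale:
            del self._sessions[t]
        return len(stale)
```

With stateless tokens (no server-side session table) the same effect needs a per-user revocation marker, such as a password-changed timestamp checked against each token's issue time.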