Y
Hacker News
new
|
ask
|
show
|
jobs
by
ars
3404 days ago
On sites I write, I hash the hash of the current password into the session key. That way if you change your password all sessions are invalid, even if you change your password to itself.