by shkkmo 2996 days ago
Changing a password should always invalidate all existing sessions. If you aren't doing that, then you are doing it wrong.

Edit: Or at least invalidate all sessions initiated using the old password if you have that tracked.

1 comments

> Changing a password should always invalidate all existing sessions

Doesn't with Google. They display a prompt and let you select which sessions to expire.
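The three policies mentioned in this thread (expire every session on a password change, expire only the sessions that were started with the old password, or let the user pick sessions to expire), as an added sketch that is not part of either comment. The in-memory store, the `auth_method` labels and all names are hypothetical, and issuing a fresh session to the caller after the change is an assumption.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    auth_method: str       # "password" or e.g. "sso" (labels are assumptions)
    revoked: bool = False


class SessionStore:
    """In-memory stand-in for a server-side session table."""

    def __init__(self):
        self.sessions = {}  # token -> Session

    def login(self, user, auth_method="password"):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, auth_method)
        return token

    def is_valid(self, token):
        s = self.sessions.get(token)
        return s is not None and not s.revoked

    def active_sessions(self, user):
        """Tokens to list in a 'which sessions do you want to expire?' prompt."""
        return [t for t, s in self.sessions.items()
                if s.user == user and not s.revoked]

    def revoke(self, token):
        """Selective expiry of a single session chosen by the user."""
        if token in self.sessions:
            self.sessions[token].revoked = True

    def change_password(self, user, only_password_sessions=False):
        """Revoke the user's existing sessions, then issue one fresh session.

        Default: every existing session of the user is revoked.
        only_password_sessions=True: only sessions that were authenticated
        with the (now old) password are revoked; this needs auth_method
        to have been recorded at login.
        """
        for s in self.sessions.values():
            if s.user != user:
                continue
            if only_password_sessions and s.auth_method != "password":
                continue
            s.revoked = True
        # The caller just proved knowledge of the new password.
        return self.login(user)
```

Revocation here is checked server-side on every request; stateless tokens that are never looked up cannot be expired this way.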