Add session management features: implement user session revocation on password change, enhance session validation, and update UI for password change functionality
This commit is contained in:
@ -147,10 +147,11 @@ case 'auth/change-password':
|
||||
"UPDATE users SET passwordHash = :h, mustChangePassword = 0 WHERE userID = :uid"
|
||||
)->execute([':h' => $newHash, ':uid' => $user['userID']]);
|
||||
|
||||
token_revoke_all_for_user_on_pdo($pdo, $user['userID']);
|
||||
|
||||
qdb_save($tmpDb, $lockFp);
|
||||
|
||||
// Revoke the old (possibly temp) token and issue a fresh one
|
||||
token_revoke($bearerToken);
|
||||
// Issue a fresh session for this browser only
|
||||
$newToken = bin2hex(random_bytes(32));
|
||||
token_add($newToken, 30 * 24 * 60 * 60, [
|
||||
'role' => $user['role'],
|
||||
|
||||
Reference in New Issue
Block a user