Replies: 1 comment 3 replies
-
|
Yes, from a security POV it is a good practice to logout on any user change, including password reset. However, the bundle does not support invalidating tokens yet. For now you can workaround this by implementing your own user checker as in https://symfony.com/doc/current/security/user_checkers.html |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your reply. I was thinking of implementing this: https://gist.github.com/benjaminrau/865f94d142605eb72a23a34ccdd0617a |
Beta Was this translation helpful? Give feedback.
-
|
Nope, that works :) |
Beta Was this translation helpful? Give feedback.
-
|
Thanks :) I have some issues to implement it because I use API platform, I don't understand how to trigger an event when I change or reset my password the same way it's done on this gist. Also, he has FormEvent but I use API requests from my front-end so I don't have this either. Can you help me on this? |
Beta Was this translation helpful? Give feedback.
-
I am using API Platform and JWT token to authenticate during my requests
I am wondering if I should disconnect user's sessions if its password changes/resets?
I heard it's not supposed to happen wtih JWT and it's not a part of the bundle, but, is it fine not to disconnect user's sessions if its password gets changed? I'm asking about security point of view
I would appreciate any help
Beta Was this translation helpful? Give feedback.
All reactions