[keycloak-user] Changing passwords and current sessions

Stian Thorgersen stian at redhat.com
Thu Nov 6 03:34:31 EST 2014

IMO the current behaviour is the correct and I can't see any reason to log out a user after changing the password.

----- Original Message -----
> From: "Alarik Myrin" <alarik at zwift.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 5 November, 2014 9:25:01 PM
> Subject: [keycloak-user] Changing passwords and current sessions
> Should changing a password invalidate current sessions, or at least the
> refresh tokens? Or would a user have to change the password AND log out
> current sessions to invalidate the current sessions and refresh tokens? To
> me it seems like the latter is the current behavior, I just wanted to make
> sure that it is desirable.
> Thanks,
> Alarik
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list