mirror of
https://github.com/delight-im/PHP-Auth.git
synced 2025-07-11 11:36:24 +02:00
Force logout in any other sessions when a user changes their password
This commit is contained in:
@ -765,9 +765,12 @@ final class Auth extends UserManager {
|
|||||||
public function changePasswordWithoutOldPassword($newPassword) {
|
public function changePasswordWithoutOldPassword($newPassword) {
|
||||||
if ($this->isLoggedIn()) {
|
if ($this->isLoggedIn()) {
|
||||||
$newPassword = self::validatePassword($newPassword);
|
$newPassword = self::validatePassword($newPassword);
|
||||||
$userId = $this->getUserId();
|
$this->updatePasswordInternal($this->getUserId(), $newPassword);
|
||||||
$this->updatePasswordInternal($userId, $newPassword);
|
|
||||||
$this->deleteRememberDirectiveForUserById($userId);
|
try {
|
||||||
|
$this->logOutEverywhereElse();
|
||||||
|
}
|
||||||
|
catch (NotLoggedInException $ignored) {}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
throw new NotLoggedInException();
|
throw new NotLoggedInException();
|
||||||
|
Reference in New Issue
Block a user