[FR] Question / Feature Request: SECURITY - Sessions remain active across devices after password change #8839

Description

@stefano972

Hello AppFlowy Team and Community,

I noticed that when a user changes their account password, other currently logged-in devices (such as web, desktop PCs or the mobile app) remain authenticated and can continue to access the data without being forced to log out or re-authenticate.

Thank you for this amazing project!

Impact

This is a significant security flaw. If a user's account is compromised or a device is lost/stolen, changing the password does not protect the account, as the unauthorized person or device will maintain full access indefinitely.

Additional Context

No response
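
One way a server can revoke every device's session on a password change, shown as an added example that is not part of the original issue and is not AppFlowy's code. It assumes a hypothetical in-memory `AuthStore` in which each session records the user's credential generation at login; all names and the sequential session ids are constructed for illustration.

```rust
use std::collections::HashMap;

// Hypothetical model; names are illustrative and not taken from AppFlowy.
struct Session {
    user: String,
    generation: u64, // user's credential generation when the session was issued
}

#[derive(Default)]
struct AuthStore {
    generations: HashMap<String, u64>, // user -> current credential generation
    sessions: HashMap<u64, Session>,   // session id -> session (constructed ids;
    next_id: u64,                      // real ids must be unguessable random tokens)
}

impl AuthStore {
    /// Issue a session bound to the user's current credential generation.
    fn login(&mut self, user: &str) -> u64 {
        let generation = *self.generations.entry(user.to_string()).or_insert(0);
        self.next_id += 1;
        self.sessions.insert(self.next_id, Session { user: user.to_string(), generation });
        self.next_id
    }

    /// A session is accepted only if it was issued under the current generation.
    /// The same comparison works for stateless tokens that carry the generation.
    fn is_valid(&self, session_id: u64) -> bool {
        match self.sessions.get(&session_id) {
            Some(s) => self.generations.get(&s.user) == Some(&s.generation),
            None => false,
        }
    }

    /// Password change: bump the generation, which invalidates every existing
    /// session on every device, then issue a fresh session for the caller.
    /// Stale session rows can be garbage-collected later.
    fn change_password(&mut self, user: &str) -> u64 {
        *self.generations.entry(user.to_string()).or_insert(0) += 1;
        self.login(user)
    }
}

/// Two devices log in, then the password is changed from one of them.
fn demo() -> (bool, bool, bool) {
    let mut store = AuthStore::default();
    let laptop = store.login("alice");
    let phone = store.login("alice"); // second device, e.g. lost or stolen
    let fresh = store.change_password("alice");
    (store.is_valid(laptop), store.is_valid(phone), store.is_valid(fresh))
}
```
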
