[wp-trac] [WordPress Trac] #61366: A password change should not destroy a user's session data.
WordPress Trac
noreply at wordpress.org
Thu Jan 16 15:33:47 UTC 2025
#61366: A password change should not destroy a user's session data.
-------------------------------------+--------------------------
Reporter: snicco | Owner: johnbillion
Type: feature request | Status: closed
Priority: normal | Milestone: 6.8
Component: Users | Version: 4.0
Severity: minor | Resolution: fixed
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+--------------------------
Changes (by johnbillion):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"59633" 59633]:
{{{
#!CommitTicketReference repository="" revision="59633"
Users: Retain the current session when a user changes their password.
Prior to this change a new session was unnecessarily created when a user
changed their own password.
Existing authentication cookies for the user will still be invalidated
regardless of whether they share the same session token because session
cookie keys contain a substring of the password hash.
Props snicco, narenin, johnbillion
Fixes #61366
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61366#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list