This isn't really a security issue (users can terminate sessions in the Settings panel) but causes a ton of false positives on HackerOne.
After a user changes their password, we should prompt them to terminate all active login sessions.
This isn't really a security issue (users can terminate sessions in the Settings panel) but causes a ton of false positives on HackerOne.
After a user changes their password, we should prompt them to terminate all active login sessions.