If someone performs a password update action from within their own profile in a SaaS app, should all of their other sessions (if any) for that app be dropped (e.g. if they are logged in via multiple devices)?
Another alternative is to offer a "Sign me out of all devices" option.
I'm not sure if either of the above is even necessary, or what is considered "best practice".