ulysses/core
Alexandre Teixeira 5dd5847d4b
Revoke stale sessions after password change
After a successful password change, revoke all browser sessions for the
same user except the one that submitted the request. This prevents stale
sessions on other devices from remaining valid after credentials are
updated.

Keep API-token behavior unchanged. The current browser session is
preserved so the user can continue from the tab that changed the
password.

Add focused regression tests for preserving the current session, revoking
other sessions, persisting revocation, and avoiding revocation when the
current password is incorrect.
2026-06-02 05:59:22 +09:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
atomic_io.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
auth.py Revoke stale sessions after password change 2026-06-02 05:59:22 +09:00
constants.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
database.py Scope email calendar extraction to account owner 2026-06-01 23:12:32 +09:00
exceptions.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
middleware.py Fix email-thread HTML injection, attachment path traversal, and missing authz (#475) 2026-06-01 22:20:17 +09:00
models.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
platform_compat.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
session_manager.py Fix chat message history timestamps 2026-06-01 11:18:18 +09:00