BEST
DEALS OF THE
YEAR!
SAVE UP TO $3,000
LAST DAY 1 DEC
00 Days
00 Hrs
00 Min
00 Sec
Open Closed

Change Password Force Fully Logout Other sessions of that user #6750

User avatar
0
dipak.z created
  • ABP Framework version: v5.2.1
  • UI Type: MVC
  • Database System: EF Core ( PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

-> When User Change Own Password then another sessions of that user force fully logout(this issue show in vulnerability tool report.)

Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to set ValidationInterval of SecurityStampValidatorOptions. The default is 30 minutes.

    If this value is too small, it may affect performance.

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.securitystampvalidatoroptions.validationinterval?view=aspnetcore-8.0

  • User Avatar
    0
    dipak.z created

    Any other way because portal is too slow when i put 1 minute

    i have to solve because its show as vulnerability.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    There is no good solution, we can only periodically check in the request if the user has changed the password.

    You can override the SecurityStampValidator.ValidatePrincipalAsync method to validate it yourself in other ways.

    https://github.com/dotnet/aspnetcore/blob/release/8.0/src/Identity/Core/src/SecurityStampValidator.cs#L129-L163

Assignee
User avatar maliming
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on November 20, 2025, 09:12
1
ABP Assistant
🔐 You need to be logged in to use the chatbot. Please log in first.