This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Conversation

@alromh87

@alromh87 alromh87 commented Sep 23, 2020

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/2-packagist-userfrosting%2Fuserfrosting

⚙️ Description *

Persistent sessions are invalidated after password change.

💻 Technical Description *

UserFrosting uses gbirke/rememberme for persistent sessions, so cleanAllTriplets is called via logout in the Authenticator class after a password change.

🐛 Proof of Concept (PoC) *

  1. Set up UserFrosting and create a user
  2. Log in with the new user from two different browsers, enabling 'Keep me signed in'
  3. Change the password in one session
  4. The persistent session in the other browser will still be valid

🔥 Proof of Fix (PoF) *

After the fix, the persistent session will be invalidated and the user will have to log in again.

(Screenshot: userfrostingPWDPOF)

👍 User Acceptance Testing (UAT)

Password can be changed normally
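The PoC above as an added illustration, not code from UserFrosting or gbirke/rememberme: a constructed in-memory model of remember-me triplets (TripletStore, changePasswordVulnerable and changePasswordFixed are assumed names) in which only the handler that calls cleanAllTriplets invalidates the second browser's persistent session.

```php
<?php
// Added illustration, not UserFrosting or gbirke/rememberme code: a minimal model of
// remember-me "triplets" showing why a password change must revoke them.
// TripletStore and the changePassword* functions are constructed names.

final class TripletStore
{
    private array $triplets = []; // credential => [token => sha256(persistentToken)]
    // Issue a triplet for a "Keep me signed in" login; the browser stores token and
    // persistent token in its cookie, the server keeps only a hash of the latter.
    public function issue(string $credential): array
    {
        $token = bin2hex(random_bytes(16));
        $persistent = bin2hex(random_bytes(16));
        $this->triplets[$credential][$token] = hash('sha256', $persistent);
        return ['credential' => $credential, 'token' => $token, 'persistent' => $persistent];
    }
    // A cookie is valid only if its triplet still exists and the persistent token matches.
    public function isValid(array $cookie): bool
    {
        $stored = $this->triplets[$cookie['credential']][$cookie['token']] ?? null;
        return $stored !== null && hash_equals($stored, hash('sha256', $cookie['persistent']));
    }
    // Counterpart of the library's cleanAllTriplets: revoke every persistent login of a user.
    public function cleanAllTriplets(string $credential): void
    {
        unset($this->triplets[$credential]);
    }
}

// Before the fix: only the password hash changes; other browsers' cookies keep working.
function changePasswordVulnerable(array &$user, string $newPassword): void
{
    $user['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
}
// After the fix: the same change also revokes all persistent sessions for the user.
function changePasswordFixed(array &$user, string $newPassword, TripletStore $store): void
{
    $user['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $store->cleanAllTriplets($user['name']);
}
$store = new TripletStore();
$user = ['name' => 'alice', 'hash' => password_hash('old-secret', PASSWORD_DEFAULT)];
$browserA = $store->issue('alice'); // PoC step 2: two browsers, both "Keep me signed in"
$browserB = $store->issue('alice');
changePasswordVulnerable($user, 'new-secret');          // PoC step 3, done from browser A
echo 'B valid after vulnerable change: ', var_export($store->isValid($browserB), true), "\n";
changePasswordFixed($user, 'newer-secret', $store);
echo 'B valid after fixed change: ', var_export($store->isValid($browserB), true), "\n";
```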

@alromh87 alromh87 changed the title from "Remove pesistent sessions after password change" to "Remove persistent sessions after password change" Sep 24, 2020
@ghost ghost requested a review from JamieSlome October 9, 2020 13:20
@JamieSlome JamieSlome merged commit 5c379e5 into 418sec:master Oct 9, 2020
@huntr-helper

Congratulations alromh87 - your fix has been selected! 🎉

Thanks for being part of the community & helping secure the world's open source code.
If you have any questions, please respond in the comments section, or hit us up on Discord. Your bounty is on its way - keep hunting!

Come join us on Discord
