Session Invalidator

The "Session Invalidator" module enhances Drupal's security by invalidating all active sessions for a user when their password is changed. This forces a logout and requires re-authentication, ensuring that any unauthorized access is swiftly revoked following a password change.

Features

• Automatically invalidates all sessions upon password change.
• Forces logout and re-authentication to enhance security.
• Integrates seamlessly with Drupal's user and session management systems.

Post-Installation

After installing the "Session Invalidator" module, it functions immediately without any additional configuration. It hooks into user password change events and performs session invalidation and user logout operations automatically.

Additional Requirements

This module requires no external libraries or modules beyond Drupal core.

Recommended Modules/Libraries

• Login Security: Enhances the security options in the login operation.
• Password Policy: Allows administrators to define password policies.

Similar Projects

While "Automated Logout" provides a site-wide timeout based on user role, "Session Invalidator" specifically targets session invalidation upon password changes, enhancing security measures specifically during credential updates.

Supporting this Module

Community contributions for bug fixes, improvements, and documentation are welcomed. Please visit the module's issue queue on Drupal.org for current efforts and discussions.

Community Documentation

Find more detailed documentation and use cases on the Drupal community documentation pages. More information will be provided following the module's publication.