How to revoke all sessions after reset password from forget password link?
I don't find any way to revoke all logged in sessions of a user after reset password from forget password link. I see there is an method
authClient.revokeSessions() to do this but it need an loggedin sesison.
Also i think about one other solution to login user using the email and newPassword but there is no way to get the email from the forget password link.
Althought i can add an extra searchparam in the link before sending but i am looking for better way.Solution:Jump to solution
this approach worked for me, i manually fetch the user email using the userId, then first login the user and then revokeOtherSesion using authClient.
Thanks...
2 Replies
2.
authClient.forgetPassword() should create a record in Verification table with the user id in value col. From there you can get your email.
1. Idk if there is a param like revokeOtherSessions: true on changePassword https://www.better-auth.com/docs/concepts/session-management#revoking-sessions-on-password-change
But again that's only when you are logged inSolution
this approach worked for me, i manually fetch the user email using the userId, then first login the user and then revokeOtherSesion using authClient.
Thanks