We’ve migrated our documentation to a new site, which means some URLs have changed.
Subscriptions

When are User sessions cleared?

Identity Management user sessions are automatically terminated under specific circumstances to maintain security and ensure proper handling of user data. These include the following cases:

1. Password Change

  • Any change to the user’s password results in an immediate session termination.

2. Profile Changes

  • Modifications to the user’s first name, last name, or email will clear existing sessions.

3. Passwordless User Updates

  • Setting a password for a previously passwordless user will force a session termination.

4. User Deletion

  • When a user is deleted, whether due to a GDPR API request or account removal from the dashboard, their session is also terminated.

Once any of these changes are made, the user’s session will be cleared under the following conditions:

  • If the user reloads the page or clicks on a link: The session is immediately terminated.

  • If the user does not reload the page: No immediate effect occurs, and the session will remain active until the next action that requires re-authentication.

While these actions ensure that sessions are cleared after key changes, the user’s browser cookies may still retain session data unless the page is reloaded or a new link is clicked. Therefore, it is critical for users to reload their session after major changes to their account or to log out and back in.

Last updated: