
Plugin to logout customer from any other active sessions


plugin_forcelogout

plugin_forcelogout is a drop-in solution for logging a customer out of all other active sessions after they change their password. The session used to change the password remains active; on every other session the customer is logged out at their first action that requires authorization. This adds a layer of security to your site.

It offers two options:

  • Force logout only when the password has been changed on one of the sessions. This allows a customer to have multiple sessions at the same time as long as they don't change their password.
  • Force logout after a new login, so that there can be only one active session at any given time. This option overrides the previous one, because with a single active session that scenario can no longer occur.
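
The two options can be modelled with a per-customer generation counter that is checked on every authorized action. This is an added example, not code from the cartridge; it uses a plain in-memory store, and the names createSessionStore, login, changePassword and authorize are hypothetical.

```javascript
// Added illustration only: an in-memory model, not the cartridge's code.
// Every name here (createSessionStore, login, changePassword, authorize) is hypothetical.
function createSessionStore(options) {
  const singleSession = Boolean(options && options.singleSession);
  const generations = new Map(); // customerId -> current credential generation
  const sessions = new Map();    // sessionId  -> { customerId, generation }
  let nextId = 1;

  // Run on every action that requires an authenticated customer.
  function authorize(sessionId) {
    const s = sessions.get(sessionId);
    if (!s) return false;
    if (s.generation !== generations.get(s.customerId)) {
      sessions.delete(sessionId); // stale session: logged out on its first authorized action
      return false;
    }
    return true;
  }

  function login(customerId) {
    let generation = generations.get(customerId) || 0;
    // Option 2: each new login invalidates every earlier session.
    if (singleSession) generation += 1;
    generations.set(customerId, generation);
    const sessionId = 'session-' + nextId++;
    sessions.set(sessionId, { customerId, generation });
    return sessionId;
  }

  function changePassword(sessionId) {
    if (!authorize(sessionId)) return false; // stale sessions cannot change the password
    const s = sessions.get(sessionId);
    s.generation += 1;
    generations.set(s.customerId, s.generation); // only the changing session keeps up
    return true;
  }

  return { login, changePassword, authorize };
}
```

Because the check happens in authorize, a stale session is not terminated at the moment of the password change; it is rejected the next time it attempts an authorized action.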

Compatibility

This cartridge works with compatibility mode 18.10 and newer.

Tests

plugin_forcelogout has standard unit tests. Integration tests require additional software (such as puppeteer) to handle the complex case.

Installation

Configure the cartridge path with plugin_forcelogout before app_storefront_base, like this: plugin_forcelogout:app_storefront_base

By default the plugin is disabled. To turn the feature on, go to Site preferences -> Force Logout and turn "Enable Force Logout" on.