When a user's password or permissions are updated, the system does not invalidate the existing user session. The user remains logged in and can continue using the system without being forced to re-authenticate.
Steps to Reproduce
Log in as a team member user
From an admin account, update the user's password or permissions
Return to the existing session of the team member user
Expected Behavior
The user session should be invalidated immediately after password or permission changes.
The user should be forced to log in again using the updated credentials.
Actual Behavior
The user remains logged in with the existing session.
No prompt appears requesting the user to re-authenticate.
When a user's password or permissions are updated, the system does not invalidate the existing user session. The user remains logged in and can continue using the system without being forced to re-authenticate.
Steps to Reproduce
Log in as a team member user
From an admin account, update the user's password or permissions
Return to the existing session of the team member user
Expected Behavior
The user session should be invalidated immediately after password or permission changes.
The user should be forced to log in again using the updated credentials.
Actual Behavior
The user remains logged in with the existing session.
No prompt appears requesting the user to re-authenticate.