I'm currently using actix session with redis for handling user sessions in a web app. I can't figure out how to handle user password reset (aka "forgot password").
What I mean by password reset:
- User requests a password reset and receives an email with a reset token
- User opens a form where he submits a new password (with the received token) to the server
- Server validates the reset token and password and stores the new hash in the database
What I want to do but I have no idea how:
- In step 3. I want to invalidate any previous sessions that user had.
Should I just manually find data in redis and erase it?
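
One way to do the invalidation in step 3, as an added example that is not part of the original post and does not use actix-session's own API: keep a per-user index of session keys and delete every key in it once the new hash is stored. The `SessionStore` type, its methods and the session keys are hypothetical, and the two `HashMap`s stand in for Redis.

```rust
use std::collections::{HashMap, HashSet};

// In-memory stand-in for the Redis session store (constructed for this example).
#[derive(Default)]
pub struct SessionStore {
    sessions: HashMap<String, u64>,         // session key -> user id
    by_user: HashMap<u64, HashSet<String>>, // user id -> that user's session keys
}

impl SessionStore {
    // On login, record the session and add its key to the user's index.
    pub fn login(&mut self, user_id: u64, key: &str) {
        self.sessions.insert(key.to_string(), user_id);
        self.by_user.entry(user_id).or_default().insert(key.to_string());
    }

    // Simulates a TTL expiry: the session entry vanishes, the index entry stays.
    pub fn expire(&mut self, key: &str) {
        self.sessions.remove(key);
    }

    // What a request handler would check before trusting a session cookie.
    pub fn lookup(&self, key: &str) -> Option<u64> {
        self.sessions.get(key).copied()
    }

    // Step 3 of the reset flow, after the new hash is stored: drop every
    // session in the user's index. Returns how many live sessions were removed;
    // keys that already expired are skipped without error.
    pub fn revoke_all(&mut self, user_id: u64) -> usize {
        let keys = self.by_user.remove(&user_id).unwrap_or_default();
        keys.iter().filter(|k| self.sessions.remove(*k).is_some()).count()
    }
}

fn main() {
    let mut store = SessionStore::default();
    store.login(7, "sess-laptop"); // constructed sample sessions
    store.login(7, "sess-phone");
    store.login(9, "sess-other-user");
    store.expire("sess-phone");
    let revoked = store.revoke_all(7);
    println!("revoked {} live session(s) for user 7", revoked);
    println!("other user still logged in: {}", store.lookup("sess-other-user").is_some());
}
```

With the index in place, the reset handler never has to scan the whole store to find one user's sessions.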