
User session remains active after user account status change

Issue

When an administrator marks a user's account as inactive, blocks it, or changes the user's password through the User Access Management functionality, a user who is still logged in can continue to access application functionalities. The active session is not terminated immediately when the account status is changed.

Environment

Studio Pro (all versions)

Cause

This is the expected behavior of the Mendix platform. When a user's account is deactivated, blocked, or their password is changed, the system does not automatically terminate existing active sessions. The account status changes only prevent new login attempts, but do not affect sessions that were already established before the account modification.

Solution / Workaround

Add logic that automatically deletes any active sessions associated with a user when their account status is changed. This ensures that deactivating a user immediately terminates their access to the application.
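The following is an added, language-neutral model of the behavior and the workaround in Python; it is not Mendix code or part of the original article. The names `App`, `Account`, `admin_update` and `demo` are hypothetical, and the user and passwords are constructed sample data.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Account:
    password: str
    active: bool = True
    blocked: bool = False

class App:
    """Toy model: accounts plus a server-side session table (constructed, not Mendix code)."""

    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self.accounts = {}  # user name -> Account
        self.sessions = {}  # session id -> user name

    def login(self, name, password):
        acct = self.accounts.get(name)
        # Account status is checked here, at login time only.
        if acct is None or not acct.active or acct.blocked:
            return None
        if not hmac.compare_digest(acct.password.encode(), password.encode()):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = name
        return sid

    def request(self, sid):
        # An established session is honoured without re-checking the account.
        return sid in self.sessions

    def delete_sessions(self, name):
        stale = [sid for sid, user in self.sessions.items() if user == name]
        for sid in stale:
            del self.sessions[sid]
        return len(stale)

    def admin_update(self, name, **changes):
        acct = self.accounts[name]
        for attr, value in changes.items():
            setattr(acct, attr, value)
        # The workaround: every status or password change also drops the sessions.
        return self.delete_sessions(name) if self.revoke_on_change else 0

def demo(revoke_on_change, **changes):
    app = App(revoke_on_change)
    app.accounts["alice"] = Account(password="old-pw")  # constructed sample user
    sids = [app.login("alice", "old-pw") for _ in range(2)]  # two devices
    removed = app.admin_update("alice", **changes)
    return removed, any(app.request(s) for s in sids), app.login("alice", "old-pw")
```

`demo` returns the number of sessions deleted, whether any pre-existing session still works, and the result of a fresh login attempt with the old password.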

Internal information related

  • 261143
  • C3T260XGA/p1759220603085039

Additional information

Not Applicable
