Auth0 is not invalidating all the active sessions after password reset: Next.js 14

Hi @shoeb.malik ,

Welcome to the Auth0 Community!

Regarding the Auth0 session, our docs do say that resetting a user’s password makes their session expire: Change Users' Passwords. But, this does nothing to kill the application session layer.

This article is more recent and includes some basic recommendations: Users is Not Logged Out after Password Reset.

Then, you might find our OIDC Back-Channel Logout feature helpful. It can only be implemented for applications that have a backend, but it lets applications subscribe to session termination events, like password change, and then terminate the application session layer: OIDC Back-Channel Logout Initiators. Here are the more general docs on how this feature works: OIDC Back-Channel Logout.

Other information can be found in these articles:

Please let me know if this helps.

Thanks,
Timotei
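
The back-channel logout flow mentioned in the reply above, as an added example that is not part of the original post and is not Auth0's own code: a Node.js function that validates a logout token against the OIDC Back-Channel Logout 1.0 rules and deletes the matching application sessions. `ISSUER`, `CLIENT_ID`, the `sessions` map, `handleBackchannelLogout` and `signSample` are hypothetical names, and the RSA key pair is generated locally as a stand-in for the tenant's signing key.

```javascript
const crypto = require("node:crypto");

const ISSUER = "https://tenant.example.com/"; // constructed placeholder
const CLIENT_ID = "example-client-id";        // constructed placeholder
const EVENT = "http://schemas.openid.net/event/backchannel-logout";
const sessions = new Map(); // app session id -> { sub, sid } stored at login
const seenJti = new Set();  // replay guard for logout tokens
const fail = (error) => ({ status: 400, error });
const parse = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Validate a logout_token per OIDC Back-Channel Logout 1.0, then end matching
// application sessions. publicKey would normally come from the issuer's JWKS.
function handleBackchannelLogout(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  let header, claims;
  try {
    [header, claims] = [parse(parts[0]), parse(parts[1])];
    if (!header || !claims) throw new Error("empty");
  } catch { return fail("malformed"); }
  // Pin the algorithm instead of letting the token choose the verifier.
  if (header.alg !== "RS256") return fail("bad alg");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(parts[2], "base64url")))
    return fail("bad signature");
  if (claims.iss !== ISSUER || ![].concat(claims.aud).includes(CLIENT_ID)) return fail("bad iss/aud");
  if (typeof claims.exp !== "number" || claims.exp <= now) return fail("expired");
  if (typeof claims.events?.[EVENT] !== "object") return fail("not a logout event");
  if ("nonce" in claims) return fail("nonce present");
  if (!claims.sub && !claims.sid) return fail("no sub or sid");
  if (!claims.jti || seenJti.has(claims.jti)) return fail("replayed");
  seenJti.add(claims.jti);
  let removed = 0;
  for (const [id, s] of sessions) {
    // sid ends one IdP session's app sessions; without sid, all of the user's.
    const hit = claims.sid ? s.sid === claims.sid : s.sub === claims.sub;
    if (hit) { sessions.delete(id); removed++; }
  }
  return { status: 200, removed };
}

// Constructed stand-in for the IdP key, used only to build sample tokens.
const idp = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function signSample(claims, key = idp.privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg: "RS256" })}.${enc(claims)}`;
  return `${body}.${crypto.sign("RSA-SHA256", Buffer.from(body), key).toString("base64url")}`;
}
```

In a Next.js app this function would sit behind a route handler that reads the `logout_token` form field from the POST body and returns the resulting status code. It only works when application sessions are stored server-side with the `sid` and `sub` from login, since a purely cookie-held session cannot be deleted from the backend.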