How to force other sessions to expire if the customer updates the password on the other browser

Shopify Plus

Topic summary

A user seeks to automatically expire active customer sessions across all browsers when a password is changed from one browser.

Currently, when a customer updates their password in Chrome, existing sessions in other browsers (e.g., Firefox) remain active instead of being terminated. This creates a security concern where old sessions persist after password changes.

Desired behavior:

  • Password change in one browser should immediately invalidate all other active sessions
  • Force users to re-authenticate with the new password

Current issue:

  • Sessions don’t expire as expected after password updates
  • Multiple simultaneous browser sessions remain active

Response received:
One commenter noted that Shopify’s core login functionality likely cannot be modified to achieve this behavior unless using a headless implementation. This suggests the feature may require custom development or may not be natively supported in standard Shopify Plus setups.

Summarized with AI on November 8. AI used: claude-sonnet-4-5-20250929.
1

Hii Team,

when we changed the password from one browser while another active session was in progress on a different browser, the new password was successfully updated, and the old session remained active, don’t want to that type of, we want to if one browser in change of password so other browser in auto expire session
for example: 1. Go to our site.
2. Log in using two separate browsers simultaneously (e.g., Chrome and Mozilla Firefox).
3. Change the password within the account settings using the Chrome browser.
4. Observe the Mozilla Firefox session.

  1. The session does not expire as expected; instead, it gets “updated.”

inshort, i want important it is to force other sessions to expire if the customer updates the password on the other browser

2

The core login functionality is likely not possible to change unless you were going headless.