I'm new to ember-simple-auth and I need some help. Say, there are 3 users, User A is Admin, User B and C are User. User C somehow able to hack User B's account and currently is logged in as User B. User B asked User A to reset his password.
I want to invalidate User C's session (who is currently logged in as User B) after User A reset User B's password.
I'm thinking of saving each user's session in a database and every time the user logs out, the session in database is also removed.
Just delete or reset the user's token on the server side. The next time they make a request with the old token they'd receive a 401 and will be logged out.