mod_tokenauth: Invalidate tokens issued before most recent password change
This is a security improvement, to ensure that sessions authenticated using a
token (note: not currently possible in stock Prosody) are invalidated just
like password-authenticated sessions are.
The Prosody project is open to contributions (see HACKERS file), but is
maintained daily by:
- Matthew Wild (mail: matthew [at] prosody.im)
- Waqas Hussain (mail: waqas [at] prosody.im)
- Kim Alvefur (mail: zash [at] prosody.im)
You can reach us collectively by email: developers [at] prosody.im
or in realtime in the Prosody chatroom: prosody@conference.prosody.im