2 Replies Latest reply on Nov 15, 2012 8:50 AM by Maxim Zverev

    Invalidate RhoConnect session

      What is the proper way to invalidate an existing RhoConnect session? There doesn't seem to be a way to do that programmatically on the server side except by deleting the user.


      The use case is...user is logged into a device and the device is stolen. The user changes their password but the device is still logged in and has a valid API Token so the password change isn't recognized. We need to be able to invalidate the API Token without deleting the user out of the system.