Event/Observer After password change Automatically logout
-
02-10-2020 - |
Question
I'm looking for a way to hook into the event of customers changing their passwords. So if someone changes the password in the customer front end, I'd like to logout automatically when user change password in account page. please help for Automatically logout after change password.
Solution
Hook into the event controller_action_postdispatch_customer_account_resetpasswordpost
and in the observer, you can write the below code to programatically logout :
Mage::getSingleton('customer/session')->logout();
EDIT
You need to create a new module.
Let's call it Company_Module
.
app/etc/modules/Company_Module.xml
- the declaration file
<?xml version="1.0"?>
<config>
<modules>
<Company_Module>
<codePool>local</codePool>
<active>true</active>
</Company_Module>
</modules>
</config>
app/code/local/Company/Module/etc/config.xml
- the configuration file
<?xml version="1.0"?>
<config>
<modules>
<Company_Module>
<version>0.0.1</version>
</Company_Module>
</modules>
<global>
<models>
<company_module>
<class>Company_Module_Model</class>
</company_module>
</models>
</global>
<frontend>
<events>
<controller_action_postdispatch_customer_account_resetpasswordpost><!-- observe the event -->
<observers>
<company_module>
<class>company_module/observer</class>
<method>logout</method>
</company_module>
</observers>
</controller_action_postdispatch_customer_account_resetpasswordpost>
</events>
</frontend>
</config>
app/code/local/Company/Module/Model/Observer.php
- the observe class
<?php
class Company_Module_Model_Observer {
public function logout($observer) {
if (version_compare(Mage::getVersion(), '1.7', '<')) {
$session = Mage::getSingleton('customer/session');
if ($session->isLoggedIn()) {
Mage::getSingleton('customer/session')->logout();
}
}
}
}
Clear the cache when you are done.
OTHER TIPS
With default Magento, this feature already exists. You can see this in this in the method Mage_Customer_AccountController::resetPasswordPostAction()
at app/code/core/Mage/Customer/controllers/AccountController.php
.
public function resetPasswordPostAction()
{
.....
try {
// Empty current reset password token i.e. invalidate it
$customer->setRpToken(null);
$customer->setRpTokenCreatedAt(null);
$customer->cleanPasswordsValidationData();
$customer->save();
$this->_getSession()->unsetData(self::TOKEN_SESSION_NAME);
$this->_getSession()->unsetData(self::CUSTOMER_ID_SESSION_NAME);
$this->_getSession()->addSuccess($this->_getHelper('customer')->__('Your password has been updated.'));
$this->_redirect('*/*/login');
} catch (Exception $exception) {
$this->_getSession()->addException($exception, $this->__('Cannot save a new password.'));
$this->_redirect('*/*/changeforgotten');
return;
}
}
As you can see, if everything works good, then Magento will first save new password. Then it will unset current customer session, then customer will be redirected to login page.
So in your case, customer is not logged out means, some customization/rewrite has done to this controller method. You need to find out it and apply same thing that Magento does here in that customized section.
Manashvi's answer is also good and you can use it without a double thoughts. But in my opinion, the best solution is, apply following changes to the customized section
//invalidate session
$this->_getSession()->unsetData(self::TOKEN_SESSION_NAME);
$this->_getSession()->unsetData(self::CUSTOMER_ID_SESSION_NAME);
$this->_getSession()->addSuccess($this->_getHelper('customer')->__('Your password has been updated.'));
//redirecting to login page
$this->_redirect('*/*/login');
I think you need to check below event
customer_save_after
In above event you can check for password change and logout that particular customer ,
when password is change this event also call so you can try with this event
Hope this will help you.