Okay so if the user is already signed in and intends to change password:
Assuming that you have a Change Password link:
When user clicks Change Password link:
- Display the Change Password form.
- User enters Old Password.
- User enters New Password and Retype New Password.
The user being already signed in, you either have the userId or emailAddress or you can retrieve from the (user) table.
So now:
- Validate the Old Password.
- Make sure the New Password and Retype New Password are identical.
- Make sure the new password adheres to your password criteria.
- Everything being fine, save the New Password.
Now if your system allows more than one user to sign in to the same account, it is wise to automatically sign out all those users and ask them to sign in again.
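
The checks listed above, written as one server-side handler. This is an added example, not code from the original answer. The in-memory `USERS` and `SESSIONS` stores, the function names, the PBKDF2 parameters and the length-only policy are assumptions standing in for your own user table, session store and password criteria.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the user table and session store (assumptions).
USERS = {}     # user_id -> (salt, password_hash)
SESSIONS = {}  # session_id -> user_id

def hash_password(password, salt):
    # Salted, slow hash; iteration count is an assumed setting, tune for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def set_password(user_id, password):
    salt = os.urandom(16)  # fresh salt on every change
    USERS[user_id] = (salt, hash_password(password, salt))

def verify_password(user_id, password):
    salt, stored = USERS[user_id]
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(hash_password(password, salt), stored)

def meets_criteria(password):
    # Hypothetical policy (length only); substitute your own criteria.
    return len(password) >= 12

def change_password(session_id, old, new, retype):
    """Return (ok, message). On success every session of the account is dropped."""
    # Identity comes from the signed-in session, never from a form field.
    user_id = SESSIONS.get(session_id)
    if user_id is None:
        return False, "not signed in"
    if not verify_password(user_id, old):
        return False, "old password is incorrect"
    if new != retype:
        return False, "new passwords do not match"
    if not meets_criteria(new):
        return False, "new password does not meet the criteria"
    set_password(user_id, new)
    # Sign out every session on this account, including the current one.
    for sid in [s for s, u in SESSIONS.items() if u == user_id]:
        del SESSIONS[sid]
    return True, "password changed; sign in again"
```
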