Update post
Password reset and session revocation are live
Accounts can now recover access through built-in reset links, while existing sessions are cleared after a successful password change.
Post links
Keep browsing
Move between the update feed, upcoming work, and the editor from the same reading surface.
What changed
A concise summary of the work delivered in this release.
- Added password reset request and confirmation routes inside the app.
- Added one-time password reset tokens with expiry and replay protection.
- Revoked active sessions after a successful password change.
- Integrated recovery messaging into the login flow.
User value
How this release improves the experience, workflow, or control users get from LoreKeep.
- Users can recover account access without manual intervention.
- Resetting a password no longer leaves older signed-in sessions active.
- The authentication flow now feels complete instead of stopping at sign-in and registration.
Full notes
Additional context, implementation notes, or rollout details for this release.
Codexa now includes a real account-recovery path instead of treating lost access as a manual support problem. Password reset requests issue one-time expiring tokens, confirmation invalidates the token after use, and active sessions are revoked so a recovered account starts from a clean security state. This turns account recovery into a first-class part of the product instead of a missing edge case.
Release status
Current state
A quick snapshot of how this update is categorized and published.
Category
Security
Status
Live
Published
2026-03-02 16:10 UTC