fix: use wasChanged() instead of isDirty() in updated hooks

Critical Bug Fix: - isDirty() always returns false in updated() hook - wasChanged() correctly tracks modifications after save Files Fixed: - ServerSetting: Sentinel restart now triggers on config changes - DeletesUserSessions: Session invalidation now works on password change Security Impact: - CRITICAL: Password changes now properly invalidate user sessions - Prevents session hijacking after password reset 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-04 17:35:54 +00:00 · 2025-10-15 22:33:04 +02:00
parent 23c1184e86
commit e04b9cd07c
6 changed files with 363 additions and 7 deletions
@@ -26,7 +26,7 @@ trait DeletesUserSessions
    {
        static::updated(function ($user) {
            // Check if password was changed
-            if ($user->isDirty('password')) {
+            if ($user->wasChanged('password')) {
                $user->deleteAllSessions();
            }
        });