What is password invalidation? How to Enabling?

Password invalidation, when enabled, requires WebSphere Commerce users to change their password if the user's password has expired. In this case, the user is redirected to a page where they are required to change their password. Users are not able to access any secure pages on the site until they have changed their password.

Enable password invalidation

There are two way can enable password invalidation.

First Step: Directly modify wc-server.xml file.

1. Locate wc-server.xml file
2. Update strPasswordInvalidationSetting = WcsApp.configProperties.getValue("PasswordInvalidation/enabled", "false");
3. Restart your WebSphere Commerce instance.

Second Step: Using Configuration Manager.

1. Open the Configuration Manager.
2. Traverse to the Password Invalidation node for your instance as follows: WebSphere Commerce > node_name > Commerce > Instance List > instance_name > Instance Properties > Password Invalidation
3. To activate the password invalidation feature, click the Enable check box.
4. To apply your changes to Configuration Manager, click Apply. Upon successfully updating the configuration for your instance, you will receive a message indicating a successful update.
5. Restart your WebSphere Commerce instance.

Note: From the above, Websphere best practice is Second Step: (Using Configuration Manager)