I love Bitwarden, but coincidentally yesterday I saw a problem pop up on Reddit that was terrifying: There is a known issue where changing your master password can cause you to lose all your data:
> When you rotate an encryption key, you must immediately log out of any logged-in sessions on Bitwarden client applications (Desktop App, Browser Extension, Mobile App, etc). […]
> Making changes in a session with a "stale" encryption key will cause data corruption that will make your data unrecoverable.
I love Bitwarden but this is just… borderline hilarious. Laughing nervously. God damn it, don’t write a damn “help” article about it, create a P0 bug, fix it asap and write a post-mortem.
Field report: I tried to see this UX in action and while it is indeed bad, there are some redeeming factors:
- By default, you don’t rotate your encryption key when you change your master password. This is opt-in. I’m not qualified to say whether this is a good default or not.
- If you do, a full modal warning pops up explaining to log out or wait an hour:
- They invalidate the sessions automatically, but this is delayed.
AIUI you have to tick the box, not read the warning, hurry to a different device and modify the vault, and have pissed off the cache invalidation gods all at the same time to reach corruption.
Agreed. It should at least log you out of all sessions without you having to do it yourself. This is good to know if I ever want to rotate my encryption key. Knowing this, I may even log out of all sessions even if I was rotating my master key.
https://bitwarden.com/help/account-encryption-key/#rotate-yo...
What?!
Of course, if you are careful and follow all the instructions, in theory you could avoid this. But why allow such a foot-gun?
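To make the thread's failure mode concrete, here is an added toy model in Go (not Bitwarden's code or data format; the Vault, Session, Put and Rotate names and the AES-GCM construction are my own assumptions): a client whose session still caches the pre-rotation key writes an item that the rotated vault can no longer decrypt, while a server-side check of the session's key generation refuses that write.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Toy vault model constructed for this example. Vault.Cur is the current key
// generation; a Session is a client's cached key, stale as soon as it rotates.
type Item struct{ Nonce, CT []byte }
type Vault struct{ Cur Session; Items map[string]Item }
type Session struct{ KeyID int; Key []byte }

var ErrStaleKey = errors.New("session key is stale: log out and back in")

func newKey() []byte { k := make([]byte, 32); rand.Read(k); return k }
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func NewVault() *Vault { return &Vault{Session{1, newKey()}, map[string]Item{}} }

// Put seals an item with the session's cached key. With enforce=false the server
// trusts the client (the thread's failure mode); with enforce=true it rejects a
// write from a session whose key generation is no longer the current one.
func (v *Vault) Put(s Session, name string, secret []byte, enforce bool) error {
	if enforce && s.KeyID != v.Cur.KeyID {
		return ErrStaleKey
	}
	g := gcm(s.Key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	v.Items[name] = Item{nonce, g.Seal(nil, nonce, secret, nil)}
	return nil
}

// Get decrypts an existing item with the current key, as a fresh login would.
func (v *Vault) Get(name string) ([]byte, error) {
	it := v.Items[name]
	return gcm(v.Cur.Key).Open(nil, it.Nonce, it.CT, nil)
}

// Rotate installs a new key generation and re-encrypts every item under it.
func (v *Vault) Rotate() Session {
	old := v.Cur
	v.Cur = Session{old.KeyID + 1, newKey()}
	for name, it := range v.Items {
		pt, _ := gcm(old.Key).Open(nil, it.Nonce, it.CT, nil)
		v.Put(v.Cur, name, pt, true)
	}
	return v.Cur
}
```

An item written under the stale key fails GCM authentication on every later read, which is the "unrecoverable" corruption the help article describes; refusing the write by key generation is the kind of check that would turn it into a forced re-login instead.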