None.
The updateUser
function does not reset user’s session.
Use two browsers and on the first, update the second user’s session to delete his privileges.
Going to the second, you and refreshing the page, you will that the user have lost his right (until his session get over).