From 1fa67227eda44ec24b076fd66be74475e8059941 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Wed, 31 Dec 2025 01:20:40 +0530
Subject: [PATCH 1/8] feat: New Group security cards

---
 .../auth/security/+page.svelte                |  18 +--
 .../auth/security/passwordPolicies.svelte     | 150 ++++++++++++++++++
 .../auth/security/sessionSecurity.svelte      |  94 +++++++++++
 .../security/updatePasswordDictionary.svelte  |  61 -------
 .../security/updatePasswordHistory.svelte     |  80 ----------
 .../security/updatePersonalDataCheck.svelte   |  56 -------
 .../auth/security/updateSessionAlerts.svelte  |  54 -------
 .../security/updateSessionInvalidation.svelte |  56 -------
 8 files changed, 250 insertions(+), 319 deletions(-)
 create mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
 create mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
 delete mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordDictionary.svelte
 delete mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordHistory.svelte
 delete mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/updatePersonalDataCheck.svelte
 delete mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/updateSessionAlerts.svelte
 delete mode 100644 src/routes/(console)/project-[region]-[project]/auth/security/updateSessionInvalidation.svelte

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
index 48718cba38..c7c34b5c1b 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
@@ -1,26 +1,20 @@
 <script lang="ts">
     import { Container } from '$lib/layout';
     import UpdateMockNumbers from './updateMockNumbers.svelte';
-    import UpdatePasswordDictionary from './updatePasswordDictionary.svelte';
-    import UpdatePasswordHistory from './updatePasswordHistory.svelte';
-    import UpdatePersonalDataCheck from './updatePersonalDataCheck.svelte';
-    import UpdateSessionAlerts from './updateSessionAlerts.svelte';
-    import UpdateSessionLength from './updateSessionLength.svelte';
-    import UpdateSessionsLimit from './updateSessionsLimit.svelte';
     import UpdateMembershipPrivacy from './updateMembershipPrivacy.svelte';
     import UpdateUsersLimit from './updateUsersLimit.svelte';
-    import UpdateSessionInvalidation from './updateSessionInvalidation.svelte';
+    import UpdateSessionLength from './updateSessionLength.svelte';
+    import UpdateSessionsLimit from './updateSessionsLimit.svelte';
+    import PasswordPolicies from './passwordPolicies.svelte';
+    import SessionSecurity from './sessionSecurity.svelte';
 </script>
 
 <Container>
     <UpdateUsersLimit />
     <UpdateSessionLength />
     <UpdateSessionsLimit />
-    <UpdatePasswordHistory />
-    <UpdatePasswordDictionary />
-    <UpdatePersonalDataCheck />
-    <UpdateSessionAlerts />
-    <UpdateSessionInvalidation />
+    <PasswordPolicies />
+    <SessionSecurity />
     <UpdateMockNumbers />
     <UpdateMembershipPrivacy />
 </Container>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
new file mode 100644
index 0000000000..ddc4be0878
--- /dev/null
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -0,0 +1,150 @@
+<script lang="ts">
+    import { invalidate } from '$app/navigation';
+    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
+    import { CardGrid } from '$lib/components';
+    import { Dependencies } from '$lib/constants';
+    import { Button, Form, InputNumber, InputSwitch } from '$lib/elements/forms';
+    import { addNotification } from '$lib/stores/notifications';
+    import { sdk } from '$lib/stores/sdk';
+    import { Typography, Link, Layout } from '@appwrite.io/pink-svelte';
+    import { project } from '../../store';
+    import { tick } from 'svelte';
+
+    let passwordHistory = $state(5);
+    let passwordHistoryEnabled = $state(false);
+    let passwordDictionary = $state(false);
+    let authPersonalDataCheck = $state(false);
+
+    let maxPasswordInputField: InputNumber | null = null;
+
+    // Initialize and sync state when project updates
+    $effect(() => {
+        const currentProject = $project;
+        const historyValue = currentProject?.authPasswordHistory;
+        passwordHistory = historyValue < 1 ? 5 : historyValue;
+        passwordHistoryEnabled = (historyValue ?? 0) !== 0;
+        passwordDictionary = currentProject?.authPasswordDictionary ?? false;
+        authPersonalDataCheck = currentProject?.authPersonalDataCheck ?? false;
+    });
+
+    $effect(() => {
+        if (passwordHistoryEnabled) {
+            tick().then(() => {
+                if (maxPasswordInputField) {
+                    maxPasswordInputField.addInputFocus();
+                }
+            });
+        }
+    });
+
+    const hasChanges = $derived(
+        passwordHistoryEnabled !== (($project?.authPasswordHistory ?? 0) !== 0) ||
+            (passwordHistoryEnabled && passwordHistory !== ($project?.authPasswordHistory ?? 0)) ||
+            passwordDictionary !== ($project?.authPasswordDictionary ?? false) ||
+            authPersonalDataCheck !== ($project?.authPersonalDataCheck ?? false)
+    );
+
+    async function updatePasswordPolicies() {
+        try {
+            // Update password history
+            await sdk.forConsole.projects.updateAuthPasswordHistory({
+                projectId: $project.$id,
+                limit: passwordHistoryEnabled ? passwordHistory : 0
+            });
+
+            // Update password dictionary
+            await sdk.forConsole.projects.updateAuthPasswordDictionary({
+                projectId: $project.$id,
+                enabled: passwordDictionary
+            });
+
+            // Update personal data check
+            await sdk.forConsole.projects.updatePersonalDataCheck({
+                projectId: $project.$id,
+                enabled: authPersonalDataCheck
+            });
+
+            await invalidate(Dependencies.PROJECT);
+            addNotification({
+                type: 'success',
+                message: 'Updated password policies.'
+            });
+            trackEvent(Submit.AuthPasswordHistoryUpdate);
+            trackEvent(Submit.AuthPasswordDictionaryUpdate);
+            trackEvent(Submit.AuthPersonalDataCheckUpdate);
+        } catch (error) {
+            addNotification({
+                type: 'error',
+                message: error.message
+            });
+            trackError(error, Submit.AuthPasswordHistoryUpdate);
+        }
+    }
+</script>
+
+<Form onSubmit={updatePasswordPolicies}>
+    <CardGrid gap="xxl">
+        <svelte:fragment slot="title">Password policies</svelte:fragment>
+        <svelte:fragment slot="aside">
+            <InputSwitch
+                bind:value={passwordHistoryEnabled}
+                id="passwordHistoryEnabled"
+                label="Password history">
+                <svelte:fragment slot="description">
+                    <Layout.Stack gap="m">
+                        <Typography.Text>
+                            Enabling this option prevents users from reusing recent passwords by
+                            comparing the new password with their password history.
+                        </Typography.Text>
+                        {#if passwordHistoryEnabled}
+                            <InputNumber
+                                required
+                                max={20}
+                                min={1}
+                                id="password-history"
+                                label="Limit"
+                                bind:value={passwordHistory}
+                                bind:this={maxPasswordInputField}
+                                helper="Maximum 20 passwords." />
+                        {/if}
+                    </Layout.Stack>
+                </svelte:fragment>
+            </InputSwitch>
+
+            <InputSwitch
+                bind:value={passwordDictionary}
+                id="passwordDictionary"
+                label="Password dictionary">
+                <svelte:fragment slot="description">
+                    <Typography.Text>
+                        Enabling this option prevent users from setting insecure passwords by
+                        comparing the user's password with the <Link.Anchor
+                            target="_blank"
+                            rel="noopener noreferrer"
+                            class="link"
+                            href="https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt"
+                            >10k most commonly used passwords.</Link.Anchor>
+                    </Typography.Text>
+                </svelte:fragment>
+            </InputSwitch>
+
+            <InputSwitch
+                bind:value={authPersonalDataCheck}
+                id="personalDataCheck"
+                label="Disallow personal data">
+                <svelte:fragment slot="description">
+                    <Typography.Text>
+                        Do not allow passwords that contain any part of the user's personal data.
+                        This includes the user's <Typography.Code>name</Typography.Code>, <Typography.Code
+                            >email</Typography.Code
+                        >, or <Typography.Code>phone</Typography.Code>.
+                    </Typography.Text>
+                </svelte:fragment>
+            </InputSwitch>
+        </svelte:fragment>
+
+        <svelte:fragment slot="actions">
+            <Button disabled={!hasChanges} submit>Update</Button>
+        </svelte:fragment>
+    </CardGrid>
+</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
new file mode 100644
index 0000000000..e2b4be9e02
--- /dev/null
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
@@ -0,0 +1,94 @@
+<script lang="ts">
+    import { invalidate } from '$app/navigation';
+    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
+    import { CardGrid } from '$lib/components';
+    import { Dependencies } from '$lib/constants';
+    import { Button, Form, InputSwitch } from '$lib/elements/forms';
+    import { addNotification } from '$lib/stores/notifications';
+    import { sdk } from '$lib/stores/sdk';
+    import { Typography } from '@appwrite.io/pink-svelte';
+    import { project as projectStore } from '../../store';
+    import { page } from '$app/state';
+
+    const project = $derived($projectStore ?? page.data?.project);
+
+    let authSessionAlerts = $state(false);
+    let sessionInvalidation = $state(false);
+
+    // Initialize state from project
+    $effect(() => {
+        authSessionAlerts = project?.authSessionAlerts ?? false;
+        sessionInvalidation = project?.authInvalidateSessions ?? false;
+    });
+
+    const hasChanges = $derived(
+        authSessionAlerts !== (project?.authSessionAlerts ?? false) ||
+            sessionInvalidation !== (project?.authInvalidateSessions ?? false)
+    );
+
+    async function updateSessionSecurity() {
+        try {
+            // Update session alerts
+            await sdk.forConsole.projects.updateSessionAlerts({
+                projectId: project.$id,
+                alerts: authSessionAlerts
+            });
+
+            // Update session invalidation
+            await sdk.forConsole.projects.updateSessionInvalidation({
+                projectId: project.$id,
+                enabled: sessionInvalidation
+            });
+
+            await invalidate(Dependencies.PROJECT);
+
+            addNotification({
+                type: 'success',
+                message: 'Updated session security settings.'
+            });
+            trackEvent(Submit.AuthSessionAlertsUpdate);
+            trackEvent(Submit.AuthInvalidateSesssion);
+        } catch (error) {
+            addNotification({
+                type: 'error',
+                message: error.message
+            });
+            trackError(error, Submit.AuthSessionAlertsUpdate);
+        }
+    }
+</script>
+
+<Form onSubmit={updateSessionSecurity}>
+    <CardGrid gap="xxl">
+        <svelte:fragment slot="title">Session security</svelte:fragment>
+        <svelte:fragment slot="aside">
+            <InputSwitch
+                bind:value={authSessionAlerts}
+                id="authSessionAlerts"
+                label="Session alerts">
+                <svelte:fragment slot="description">
+                    <Typography.Text>
+                        Enabling this option will send an email to the users when a new session is
+                        created.
+                    </Typography.Text>
+                </svelte:fragment>
+            </InputSwitch>
+
+            <InputSwitch
+                bind:value={sessionInvalidation}
+                id="invalidateSessions"
+                label="Invalidate sessions">
+                <svelte:fragment slot="description">
+                    <Typography.Text>
+                        Enabling this option will clear all existing sessions when the user changes
+                        their password.
+                    </Typography.Text>
+                </svelte:fragment>
+            </InputSwitch>
+        </svelte:fragment>
+
+        <svelte:fragment slot="actions">
+            <Button disabled={!hasChanges} submit>Update</Button>
+        </svelte:fragment>
+    </CardGrid>
+</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordDictionary.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordDictionary.svelte
deleted file mode 100644
index 0e921ab044..0000000000
--- a/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordDictionary.svelte
+++ /dev/null
@@ -1,61 +0,0 @@
-<script lang="ts">
-    import { invalidate } from '$app/navigation';
-    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
-    import { CardGrid } from '$lib/components';
-    import { Dependencies } from '$lib/constants';
-    import { Button, Form, InputSwitch } from '$lib/elements/forms';
-    import { addNotification } from '$lib/stores/notifications';
-    import { sdk } from '$lib/stores/sdk';
-    import { Typography, Link } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
-
-    let passwordDictionary = $project?.authPasswordDictionary ?? false;
-
-    async function updatePasswordDictionary() {
-        try {
-            await sdk.forConsole.projects.updateAuthPasswordDictionary({
-                projectId: $project.$id,
-                enabled: passwordDictionary
-            });
-            await invalidate(Dependencies.PROJECT);
-            addNotification({
-                type: 'success',
-                message: 'Updated password dictionary check.'
-            });
-            trackEvent(Submit.AuthPasswordDictionaryUpdate);
-        } catch (error) {
-            addNotification({
-                type: 'error',
-                message: error.message
-            });
-            trackError(error, Submit.AuthPasswordDictionaryUpdate);
-        }
-    }
-</script>
-
-<Form onSubmit={updatePasswordDictionary}>
-    <CardGrid>
-        <svelte:fragment slot="title">Password dictionary</svelte:fragment>
-        <svelte:fragment slot="aside">
-            <InputSwitch
-                bind:value={passwordDictionary}
-                id="passwordDictionary"
-                label="Password dictionary" />
-            <Typography.Text>
-                Enabling this option prevent users from setting insecure passwords by comparing the
-                user's password with the <Link.Anchor
-                    target="_blank"
-                    rel="noopener noreferrer"
-                    class="link"
-                    href="https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt"
-                    >10k most commonly used passwords.</Link.Anchor>
-            </Typography.Text>
-        </svelte:fragment>
-
-        <svelte:fragment slot="actions">
-            <Button disabled={passwordDictionary === $project?.authPasswordDictionary} submit>
-                Update
-            </Button>
-        </svelte:fragment>
-    </CardGrid>
-</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordHistory.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordHistory.svelte
deleted file mode 100644
index 0b42184874..0000000000
--- a/src/routes/(console)/project-[region]-[project]/auth/security/updatePasswordHistory.svelte
+++ /dev/null
@@ -1,80 +0,0 @@
-<script lang="ts">
-    import { invalidate } from '$app/navigation';
-    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
-    import { CardGrid } from '$lib/components';
-    import { Dependencies } from '$lib/constants';
-    import { Button, Form, InputNumber, InputSwitch } from '$lib/elements/forms';
-    import { addNotification } from '$lib/stores/notifications';
-    import { sdk } from '$lib/stores/sdk';
-    import { Typography } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
-    import { tick } from 'svelte';
-
-    let passwordHistory = $project?.authPasswordHistory < 1 ? 5 : $project?.authPasswordHistory;
-    let passwordHistoryEnabled = ($project?.authPasswordHistory ?? 0) !== 0;
-    let initialPasswordHistoryEnabled = passwordHistoryEnabled;
-
-    async function updatePasswordHistoryLimit() {
-        try {
-            await sdk.forConsole.projects.updateAuthPasswordHistory({
-                projectId: $project.$id,
-                limit: passwordHistoryEnabled ? passwordHistory : 0
-            });
-            await invalidate(Dependencies.PROJECT);
-            initialPasswordHistoryEnabled = passwordHistoryEnabled;
-            addNotification({
-                type: 'success',
-                message: 'Updated password history limit.'
-            });
-            trackEvent(Submit.AuthPasswordHistoryUpdate);
-        } catch (error) {
-            addNotification({
-                type: 'error',
-                message: error.message
-            });
-            trackError(error, Submit.AuthPasswordHistoryUpdate);
-        }
-    }
-
-    let maxPasswordInputField: InputNumber | null = null;
-
-    $: if (passwordHistoryEnabled && maxPasswordInputField) {
-        tick().then(() => {
-            maxPasswordInputField.addInputFocus();
-        });
-    }
-</script>
-
-<Form onSubmit={updatePasswordHistoryLimit}>
-    <CardGrid>
-        <svelte:fragment slot="title">Password history</svelte:fragment>
-        Set the maximum number of passwords saved per user.
-        <svelte:fragment slot="aside">
-            <InputSwitch
-                bind:value={passwordHistoryEnabled}
-                id="passwordHistoryEnabled"
-                label="Password history" />
-            <Typography.Text>
-                Enabling this option prevents users from reusing recent passwords by comparing the
-                new password with their password history.
-            </Typography.Text>
-            <InputNumber
-                required
-                max={20}
-                min={1}
-                id="password-history"
-                label="Limit"
-                disabled={!passwordHistoryEnabled}
-                bind:value={passwordHistory}
-                helper="Maximum 20 passwords." />
-        </svelte:fragment>
-
-        <svelte:fragment slot="actions">
-            <Button
-                disabled={(passwordHistory === $project?.authPasswordHistory ||
-                    $project?.authPasswordHistory === 0) &&
-                    initialPasswordHistoryEnabled === passwordHistoryEnabled}
-                submit>Update</Button>
-        </svelte:fragment>
-    </CardGrid>
-</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/updatePersonalDataCheck.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/updatePersonalDataCheck.svelte
deleted file mode 100644
index 71f87c24d3..0000000000
--- a/src/routes/(console)/project-[region]-[project]/auth/security/updatePersonalDataCheck.svelte
+++ /dev/null
@@ -1,56 +0,0 @@
-<script lang="ts">
-    import { invalidate } from '$app/navigation';
-    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
-    import { CardGrid } from '$lib/components';
-    import { Dependencies } from '$lib/constants';
-    import { Button, Form, InputSwitch } from '$lib/elements/forms';
-    import { addNotification } from '$lib/stores/notifications';
-    import { sdk } from '$lib/stores/sdk';
-    import { Typography } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
-
-    let authPersonalDataCheck = $project?.authPersonalDataCheck ?? false;
-
-    async function updatePersonalDataCheck() {
-        try {
-            await sdk.forConsole.projects.updatePersonalDataCheck({
-                projectId: $project.$id,
-                enabled: authPersonalDataCheck
-            });
-            await invalidate(Dependencies.PROJECT);
-            addNotification({
-                type: 'success',
-                message: 'Toggled personal data checks for passwords'
-            });
-            trackEvent(Submit.AuthPersonalDataCheckUpdate);
-        } catch (error) {
-            addNotification({
-                type: 'error',
-                message: error.message
-            });
-            trackError(error, Submit.AuthPersonalDataCheckUpdate);
-        }
-    }
-</script>
-
-<Form onSubmit={updatePersonalDataCheck}>
-    <CardGrid>
-        <svelte:fragment slot="title">Personal data</svelte:fragment>
-        <svelte:fragment slot="aside">
-            <InputSwitch
-                bind:value={authPersonalDataCheck}
-                id="personalDataCheck"
-                label="Disallow personal data" />
-            <Typography.Text>
-                Do not allow passwords that contain any part of the user's personal data. This
-                includes the user's <Typography.Code>name</Typography.Code>, <Typography.Code
-                    >email</Typography.Code
-                >, or <Typography.Code>phone</Typography.Code>.
-            </Typography.Text>
-        </svelte:fragment>
-        <svelte:fragment slot="actions">
-            <Button disabled={authPersonalDataCheck === $project?.authPersonalDataCheck} submit
-                >Update</Button>
-        </svelte:fragment>
-    </CardGrid>
-</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionAlerts.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionAlerts.svelte
deleted file mode 100644
index ba8af9ec9d..0000000000
--- a/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionAlerts.svelte
+++ /dev/null
@@ -1,54 +0,0 @@
-<script lang="ts">
-    import { invalidate } from '$app/navigation';
-    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
-    import { CardGrid } from '$lib/components';
-    import { Dependencies } from '$lib/constants';
-    import { Button, Form, InputSwitch } from '$lib/elements/forms';
-    import { addNotification } from '$lib/stores/notifications';
-    import { sdk } from '$lib/stores/sdk';
-    import { Typography } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
-
-    let authSessionAlerts = $project?.authSessionAlerts ?? false;
-
-    async function updateSessionAlerts() {
-        try {
-            await sdk.forConsole.projects.updateSessionAlerts({
-                projectId: $project.$id,
-                alerts: authSessionAlerts
-            });
-            await invalidate(Dependencies.PROJECT);
-            addNotification({
-                type: 'success',
-                message: 'Updated session alerts.'
-            });
-            trackEvent(Submit.AuthSessionAlertsUpdate);
-        } catch (error) {
-            addNotification({
-                type: 'error',
-                message: error.message
-            });
-            trackError(error, Submit.AuthSessionAlertsUpdate);
-        }
-    }
-</script>
-
-<Form onSubmit={updateSessionAlerts}>
-    <CardGrid>
-        <svelte:fragment slot="title">Session alerts</svelte:fragment>
-        <svelte:fragment slot="aside">
-            <InputSwitch
-                bind:value={authSessionAlerts}
-                id="authSessionAlerts"
-                label="Session alerts" />
-            <Typography.Text>
-                Enabling this option will send an email to the users when a new session is created.
-            </Typography.Text>
-        </svelte:fragment>
-        <svelte:fragment slot="actions">
-            <Button disabled={authSessionAlerts === $project?.authSessionAlerts} submit>
-                Update
-            </Button>
-        </svelte:fragment>
-    </CardGrid>
-</Form>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionInvalidation.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionInvalidation.svelte
deleted file mode 100644
index c2c449e3eb..0000000000
--- a/src/routes/(console)/project-[region]-[project]/auth/security/updateSessionInvalidation.svelte
+++ /dev/null
@@ -1,56 +0,0 @@
-<script lang="ts">
-    import { invalidate } from '$app/navigation';
-    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
-    import { CardGrid } from '$lib/components';
-    import { Dependencies } from '$lib/constants';
-    import { Button, Form, InputSwitch } from '$lib/elements/forms';
-    import { addNotification } from '$lib/stores/notifications';
-    import { sdk } from '$lib/stores/sdk';
-    import { Typography } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
-
-    let sessionInvalidation = $project?.authInvalidateSessions ?? false;
-
-    async function updateSessionInvalidation() {
-        try {
-            await sdk.forConsole.projects.updateSessionInvalidation({
-                projectId: $project.$id,
-                enabled: sessionInvalidation
-            });
-            await invalidate(Dependencies.PROJECT);
-            addNotification({
-                type: 'success',
-                message: 'Updated session invalidation check.'
-            });
-            trackEvent(Submit.AuthInvalidateSesssion);
-        } catch (error) {
-            addNotification({
-                type: 'error',
-                message: error.message
-            });
-            trackError(error, Submit.AuthInvalidateSesssion);
-        }
-    }
-</script>
-
-<Form onSubmit={updateSessionInvalidation}>
-    <CardGrid>
-        <svelte:fragment slot="title">Invalidate sessions</svelte:fragment>
-        <svelte:fragment slot="aside">
-            <InputSwitch
-                bind:value={sessionInvalidation}
-                id="invalidateSessions"
-                label="Invalidate sessions" />
-            <Typography.Text>
-                Enabling this option will clear all existing sessions when the user changes their
-                password.
-            </Typography.Text>
-        </svelte:fragment>
-
-        <svelte:fragment slot="actions">
-            <Button disabled={sessionInvalidation === $project?.authInvalidateSessions} submit>
-                Update
-            </Button>
-        </svelte:fragment>
-    </CardGrid>
-</Form>

From 44c693befdc39bfda382c1366cd06c88971a6ab9 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Wed, 31 Dec 2025 01:26:09 +0530
Subject: [PATCH 2/8] Update
 src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 .../auth/security/passwordPolicies.svelte                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index ddc4be0878..f39b5203d4 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -117,7 +117,7 @@
                 label="Password dictionary">
                 <svelte:fragment slot="description">
                     <Typography.Text>
-                        Enabling this option prevent users from setting insecure passwords by
+                        Enabling this option prevents users from setting insecure passwords by
                         comparing the user's password with the <Link.Anchor
                             target="_blank"
                             rel="noopener noreferrer"

From 23529ffe234314436df737a2940c53bee899c04f Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Wed, 31 Dec 2025 10:37:18 +0530
Subject: [PATCH 3/8] no store import in security page

---
 .../auth/security/+page.svelte                |  5 ++--
 .../auth/security/passwordPolicies.svelte     | 25 ++++++++++---------
 .../auth/security/sessionSecurity.svelte      |  5 ++--
 3 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
index c7c34b5c1b..6c0ce43597 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
     import { Container } from '$lib/layout';
+    import { page } from '$app/state';
     import UpdateMockNumbers from './updateMockNumbers.svelte';
     import UpdateMembershipPrivacy from './updateMembershipPrivacy.svelte';
     import UpdateUsersLimit from './updateUsersLimit.svelte';
@@ -13,8 +14,8 @@
     <UpdateUsersLimit />
     <UpdateSessionLength />
     <UpdateSessionsLimit />
-    <PasswordPolicies />
-    <SessionSecurity />
+    <PasswordPolicies project={page.data.project} />
+    <SessionSecurity project={page.data.project} />
     <UpdateMockNumbers />
     <UpdateMembershipPrivacy />
 </Container>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index f39b5203d4..94001272e8 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -7,9 +7,11 @@
     import { addNotification } from '$lib/stores/notifications';
     import { sdk } from '$lib/stores/sdk';
     import { Typography, Link, Layout } from '@appwrite.io/pink-svelte';
-    import { project } from '../../store';
+    import type { Models } from '@appwrite.io/console';
     import { tick } from 'svelte';
 
+    let { project }: { project: Models.Project } = $props();
+
     let passwordHistory = $state(5);
     let passwordHistoryEnabled = $state(false);
     let passwordDictionary = $state(false);
@@ -19,12 +21,11 @@
 
     // Initialize and sync state when project updates
     $effect(() => {
-        const currentProject = $project;
-        const historyValue = currentProject?.authPasswordHistory;
+        const historyValue = project?.authPasswordHistory;
         passwordHistory = historyValue < 1 ? 5 : historyValue;
         passwordHistoryEnabled = (historyValue ?? 0) !== 0;
-        passwordDictionary = currentProject?.authPasswordDictionary ?? false;
-        authPersonalDataCheck = currentProject?.authPersonalDataCheck ?? false;
+        passwordDictionary = project?.authPasswordDictionary ?? false;
+        authPersonalDataCheck = project?.authPersonalDataCheck ?? false;
     });
 
     $effect(() => {
@@ -38,29 +39,29 @@
     });
 
     const hasChanges = $derived(
-        passwordHistoryEnabled !== (($project?.authPasswordHistory ?? 0) !== 0) ||
-            (passwordHistoryEnabled && passwordHistory !== ($project?.authPasswordHistory ?? 0)) ||
-            passwordDictionary !== ($project?.authPasswordDictionary ?? false) ||
-            authPersonalDataCheck !== ($project?.authPersonalDataCheck ?? false)
+        passwordHistoryEnabled !== ((project?.authPasswordHistory ?? 0) !== 0) ||
+            (passwordHistoryEnabled && passwordHistory !== (project?.authPasswordHistory ?? 0)) ||
+            passwordDictionary !== (project?.authPasswordDictionary ?? false) ||
+            authPersonalDataCheck !== (project?.authPersonalDataCheck ?? false)
     );
 
     async function updatePasswordPolicies() {
         try {
             // Update password history
             await sdk.forConsole.projects.updateAuthPasswordHistory({
-                projectId: $project.$id,
+                projectId: project.$id,
                 limit: passwordHistoryEnabled ? passwordHistory : 0
             });
 
             // Update password dictionary
             await sdk.forConsole.projects.updateAuthPasswordDictionary({
-                projectId: $project.$id,
+                projectId: project.$id,
                 enabled: passwordDictionary
             });
 
             // Update personal data check
             await sdk.forConsole.projects.updatePersonalDataCheck({
-                projectId: $project.$id,
+                projectId: project.$id,
                 enabled: authPersonalDataCheck
             });
 
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
index e2b4be9e02..0ba9c936c5 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
@@ -7,10 +7,9 @@
     import { addNotification } from '$lib/stores/notifications';
     import { sdk } from '$lib/stores/sdk';
     import { Typography } from '@appwrite.io/pink-svelte';
-    import { project as projectStore } from '../../store';
-    import { page } from '$app/state';
+    import type { Models } from '@appwrite.io/console';
 
-    const project = $derived($projectStore ?? page.data?.project);
+    let { project }: { project: Models.Project } = $props();
 
     let authSessionAlerts = $state(false);
     let sessionInvalidation = $state(false);

From dd9eab776555d4798721fa97893cbf41322b26a2 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Thu, 1 Jan 2026 13:25:48 +0530
Subject: [PATCH 4/8] Changed AuthInvalidateSesssion to AuthInvalidateSession
 and used promise all

---
 src/lib/actions/analytics.ts                  |  2 +-
 .../auth/security/passwordPolicies.svelte     | 31 +++++++++----------
 .../auth/security/sessionSecurity.svelte      | 23 +++++++-------
 3 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/src/lib/actions/analytics.ts b/src/lib/actions/analytics.ts
index 6880f1c2f4..035d79569c 100644
--- a/src/lib/actions/analytics.ts
+++ b/src/lib/actions/analytics.ts
@@ -268,7 +268,7 @@ export enum Submit {
     AuthSessionAlertsUpdate = 'submit_auth_session_alerts_update',
     AuthMembershipPrivacyUpdate = 'submit_auth_membership_privacy_update',
     AuthMockNumbersUpdate = 'submit_auth_mock_numbers_update',
-    AuthInvalidateSesssion = 'submit_auth_invalidate_session',
+    AuthInvalidateSession = 'submit_auth_invalidate_session',
     SessionsLengthUpdate = 'submit_sessions_length_update',
     SessionsLimitUpdate = 'submit_sessions_limit_update',
     SessionDelete = 'submit_session_delete',
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index 94001272e8..6074832c4c 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -47,23 +47,20 @@
 
     async function updatePasswordPolicies() {
         try {
-            // Update password history
-            await sdk.forConsole.projects.updateAuthPasswordHistory({
-                projectId: project.$id,
-                limit: passwordHistoryEnabled ? passwordHistory : 0
-            });
-
-            // Update password dictionary
-            await sdk.forConsole.projects.updateAuthPasswordDictionary({
-                projectId: project.$id,
-                enabled: passwordDictionary
-            });
-
-            // Update personal data check
-            await sdk.forConsole.projects.updatePersonalDataCheck({
-                projectId: project.$id,
-                enabled: authPersonalDataCheck
-            });
+            await Promise.all([
+                sdk.forConsole.projects.updateAuthPasswordHistory({
+                    projectId: project.$id,
+                    limit: passwordHistoryEnabled ? passwordHistory : 0
+                }),
+                sdk.forConsole.projects.updateAuthPasswordDictionary({
+                    projectId: project.$id,
+                    enabled: passwordDictionary
+                }),
+                sdk.forConsole.projects.updatePersonalDataCheck({
+                    projectId: project.$id,
+                    enabled: authPersonalDataCheck
+                })
+            ]);
 
             await invalidate(Dependencies.PROJECT);
             addNotification({
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
index 0ba9c936c5..31ec6aba0f 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
@@ -27,17 +27,16 @@
 
     async function updateSessionSecurity() {
         try {
-            // Update session alerts
-            await sdk.forConsole.projects.updateSessionAlerts({
-                projectId: project.$id,
-                alerts: authSessionAlerts
-            });
-
-            // Update session invalidation
-            await sdk.forConsole.projects.updateSessionInvalidation({
-                projectId: project.$id,
-                enabled: sessionInvalidation
-            });
+            await Promise.all([
+                sdk.forConsole.projects.updateSessionAlerts({
+                    projectId: project.$id,
+                    alerts: authSessionAlerts
+                }),
+                sdk.forConsole.projects.updateSessionInvalidation({
+                    projectId: project.$id,
+                    enabled: sessionInvalidation
+                })
+            ]);
 
             await invalidate(Dependencies.PROJECT);
 
@@ -46,7 +45,7 @@
                 message: 'Updated session security settings.'
             });
             trackEvent(Submit.AuthSessionAlertsUpdate);
-            trackEvent(Submit.AuthInvalidateSesssion);
+            trackEvent(Submit.AuthInvalidateSession);
         } catch (error) {
             addNotification({
                 type: 'error',

From 2d2b102102775ec325e1cb1a4b42e0270a76b457 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Fri, 2 Jan 2026 12:12:20 +0530
Subject: [PATCH 5/8] removed promise.all since they are not synchronised

---
 .../auth/security/passwordPolicies.svelte     | 26 +++++++++----------
 .../auth/security/sessionSecurity.svelte      | 18 ++++++-------
 2 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index 6074832c4c..d57c738429 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -47,20 +47,18 @@
 
     async function updatePasswordPolicies() {
         try {
-            await Promise.all([
-                sdk.forConsole.projects.updateAuthPasswordHistory({
-                    projectId: project.$id,
-                    limit: passwordHistoryEnabled ? passwordHistory : 0
-                }),
-                sdk.forConsole.projects.updateAuthPasswordDictionary({
-                    projectId: project.$id,
-                    enabled: passwordDictionary
-                }),
-                sdk.forConsole.projects.updatePersonalDataCheck({
-                    projectId: project.$id,
-                    enabled: authPersonalDataCheck
-                })
-            ]);
+            await sdk.forConsole.projects.updateAuthPasswordHistory({
+                projectId: project.$id,
+                limit: passwordHistoryEnabled ? passwordHistory : 0
+            });
+            await sdk.forConsole.projects.updateAuthPasswordDictionary({
+                projectId: project.$id,
+                enabled: passwordDictionary
+            });
+            await sdk.forConsole.projects.updatePersonalDataCheck({
+                projectId: project.$id,
+                enabled: authPersonalDataCheck
+            });
 
             await invalidate(Dependencies.PROJECT);
             addNotification({
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
index 31ec6aba0f..f64fee94ed 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
@@ -27,16 +27,14 @@
 
     async function updateSessionSecurity() {
         try {
-            await Promise.all([
-                sdk.forConsole.projects.updateSessionAlerts({
-                    projectId: project.$id,
-                    alerts: authSessionAlerts
-                }),
-                sdk.forConsole.projects.updateSessionInvalidation({
-                    projectId: project.$id,
-                    enabled: sessionInvalidation
-                })
-            ]);
+            await sdk.forConsole.projects.updateSessionAlerts({
+                projectId: project.$id,
+                alerts: authSessionAlerts
+            });
+            await sdk.forConsole.projects.updateSessionInvalidation({
+                projectId: project.$id,
+                enabled: sessionInvalidation
+            });
 
             await invalidate(Dependencies.PROJECT);
 

From 8d75905b24ea77db217a716d3bc85dc4bb0639f2 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Fri, 2 Jan 2026 12:17:20 +0530
Subject: [PATCH 6/8] preserve password limit

---
 .../auth/security/+page.svelte                      |  8 +++++---
 .../auth/security/passwordPolicies.svelte           | 13 ++++++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
index 6c0ce43597..385cfe1f52 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
     import { Container } from '$lib/layout';
-    import { page } from '$app/state';
+    import type { PageProps } from './$types';
     import UpdateMockNumbers from './updateMockNumbers.svelte';
     import UpdateMembershipPrivacy from './updateMembershipPrivacy.svelte';
     import UpdateUsersLimit from './updateUsersLimit.svelte';
@@ -8,14 +8,16 @@
     import UpdateSessionsLimit from './updateSessionsLimit.svelte';
     import PasswordPolicies from './passwordPolicies.svelte';
     import SessionSecurity from './sessionSecurity.svelte';
+
+    let { data }: PageProps = $props();
 </script>
 
 <Container>
     <UpdateUsersLimit />
     <UpdateSessionLength />
     <UpdateSessionsLimit />
-    <PasswordPolicies project={page.data.project} />
-    <SessionSecurity project={page.data.project} />
+    <PasswordPolicies project={data.project} />
+    <SessionSecurity project={data.project} />
     <UpdateMockNumbers />
     <UpdateMembershipPrivacy />
 </Container>
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index d57c738429..46547cecb9 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -16,18 +16,29 @@
     let passwordHistoryEnabled = $state(false);
     let passwordDictionary = $state(false);
     let authPersonalDataCheck = $state(false);
+    let lastValidLimit = $state(5);
 
     let maxPasswordInputField: InputNumber | null = null;
 
     // Initialize and sync state when project updates
     $effect(() => {
         const historyValue = project?.authPasswordHistory;
-        passwordHistory = historyValue < 1 ? 5 : historyValue;
+        if (historyValue && historyValue > 0) {
+            passwordHistory = historyValue;
+            lastValidLimit = historyValue;
+        }
         passwordHistoryEnabled = (historyValue ?? 0) !== 0;
         passwordDictionary = project?.authPasswordDictionary ?? false;
         authPersonalDataCheck = project?.authPersonalDataCheck ?? false;
     });
 
+    // restore last valid limit when enabling
+    $effect(() => {
+        if (passwordHistoryEnabled && passwordHistory < 1) {
+            passwordHistory = lastValidLimit;
+        }
+    });
+
     $effect(() => {
         if (passwordHistoryEnabled) {
             tick().then(() => {

From 7a595b1197add536f835df75c2fa0505a84d8e7e Mon Sep 17 00:00:00 2001
From: Darshan <itznotabug@gmail.com>
Date: Fri, 2 Jan 2026 14:21:37 +0530
Subject: [PATCH 7/8] update: improvements.

---
 .../auth/security/passwordPolicies.svelte     | 62 +++++++++----------
 1 file changed, 30 insertions(+), 32 deletions(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index 46547cecb9..004e772eec 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -8,65 +8,63 @@
     import { sdk } from '$lib/stores/sdk';
     import { Typography, Link, Layout } from '@appwrite.io/pink-svelte';
     import type { Models } from '@appwrite.io/console';
-    import { tick } from 'svelte';
+    import { onMount } from 'svelte';
 
-    let { project }: { project: Models.Project } = $props();
+    let {
+        project
+    }: {
+        project: Models.Project;
+    } = $props();
 
+    let lastValidLimit = $state(5);
     let passwordHistory = $state(5);
-    let passwordHistoryEnabled = $state(false);
     let passwordDictionary = $state(false);
+    let passwordHistoryEnabled = $state(false);
     let authPersonalDataCheck = $state(false);
-    let lastValidLimit = $state(5);
-
-    let maxPasswordInputField: InputNumber | null = null;
 
-    // Initialize and sync state when project updates
-    $effect(() => {
-        const historyValue = project?.authPasswordHistory;
+    onMount(() => {
+        // update initial states here in onMount.
+        const historyValue = project.authPasswordHistory;
         if (historyValue && historyValue > 0) {
             passwordHistory = historyValue;
             lastValidLimit = historyValue;
         }
+
         passwordHistoryEnabled = (historyValue ?? 0) !== 0;
-        passwordDictionary = project?.authPasswordDictionary ?? false;
-        authPersonalDataCheck = project?.authPersonalDataCheck ?? false;
+        passwordDictionary = project.authPasswordDictionary ?? false;
+        authPersonalDataCheck = project.authPersonalDataCheck ?? false;
     });
 
-    // restore last valid limit when enabling
     $effect(() => {
+        // restore last valid limit when enabling
         if (passwordHistoryEnabled && passwordHistory < 1) {
             passwordHistory = lastValidLimit;
         }
     });
 
-    $effect(() => {
-        if (passwordHistoryEnabled) {
-            tick().then(() => {
-                if (maxPasswordInputField) {
-                    maxPasswordInputField.addInputFocus();
-                }
-            });
-        }
-    });
+    const hasChanges = $derived.by(() => {
+        const dictChanged = passwordDictionary !== project.authPasswordDictionary;
+        const dataCheckChanged = authPersonalDataCheck !== project.authPersonalDataCheck;
+        const historyChanged = passwordHistoryEnabled !== (project.authPasswordHistory !== 0);
 
-    const hasChanges = $derived(
-        passwordHistoryEnabled !== ((project?.authPasswordHistory ?? 0) !== 0) ||
-            (passwordHistoryEnabled && passwordHistory !== (project?.authPasswordHistory ?? 0)) ||
-            passwordDictionary !== (project?.authPasswordDictionary ?? false) ||
-            authPersonalDataCheck !== (project?.authPersonalDataCheck ?? false)
-    );
+        return historyChanged || dictChanged || dataCheckChanged;
+    });
 
     async function updatePasswordPolicies() {
         try {
-            await sdk.forConsole.projects.updateAuthPasswordHistory({
+            const projectSdk = sdk.forConsole.projects;
+
+            await projectSdk.updateAuthPasswordHistory({
                 projectId: project.$id,
                 limit: passwordHistoryEnabled ? passwordHistory : 0
             });
-            await sdk.forConsole.projects.updateAuthPasswordDictionary({
+
+            await projectSdk.updateAuthPasswordDictionary({
                 projectId: project.$id,
                 enabled: passwordDictionary
             });
-            await sdk.forConsole.projects.updatePersonalDataCheck({
+
+            await projectSdk.updatePersonalDataCheck({
                 projectId: project.$id,
                 enabled: authPersonalDataCheck
             });
@@ -108,10 +106,10 @@
                                 required
                                 max={20}
                                 min={1}
-                                id="password-history"
+                                autofocus
                                 label="Limit"
+                                id="password-history"
                                 bind:value={passwordHistory}
-                                bind:this={maxPasswordInputField}
                                 helper="Maximum 20 passwords." />
                         {/if}
                     </Layout.Stack>

From 0c65c0d79060215e899a4d656bd035a651b51769 Mon Sep 17 00:00:00 2001
From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com>
Date: Fri, 2 Jan 2026 15:02:07 +0530
Subject: [PATCH 8/8] added limitchanged

---
 .../auth/security/passwordPolicies.svelte          | 14 +++++++++-----
 .../auth/security/sessionSecurity.svelte           | 14 ++++++++------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
index 004e772eec..22898b060c 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/passwordPolicies.svelte
@@ -43,11 +43,15 @@
     });
 
     const hasChanges = $derived.by(() => {
-        const dictChanged = passwordDictionary !== project.authPasswordDictionary;
-        const dataCheckChanged = authPersonalDataCheck !== project.authPersonalDataCheck;
-        const historyChanged = passwordHistoryEnabled !== (project.authPasswordHistory !== 0);
-
-        return historyChanged || dictChanged || dataCheckChanged;
+        const dictChanged = passwordDictionary !== (project.authPasswordDictionary ?? false);
+        const dataCheckChanged = authPersonalDataCheck !== (project.authPersonalDataCheck ?? false);
+        const historyChanged =
+            passwordHistoryEnabled !== ((project.authPasswordHistory ?? 0) !== 0);
+        const limitChanged =
+            passwordHistoryEnabled &&
+            Number(passwordHistory) !== (project.authPasswordHistory ?? 0);
+
+        return historyChanged || dictChanged || dataCheckChanged || limitChanged;
     });
 
     async function updatePasswordPolicies() {
diff --git a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
index f64fee94ed..6babbbecc6 100644
--- a/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
+++ b/src/routes/(console)/project-[region]-[project]/auth/security/sessionSecurity.svelte
@@ -8,22 +8,24 @@
     import { sdk } from '$lib/stores/sdk';
     import { Typography } from '@appwrite.io/pink-svelte';
     import type { Models } from '@appwrite.io/console';
+    import { onMount } from 'svelte';
 
     let { project }: { project: Models.Project } = $props();
 
     let authSessionAlerts = $state(false);
     let sessionInvalidation = $state(false);
 
-    // Initialize state from project
-    $effect(() => {
+    onMount(() => {
         authSessionAlerts = project?.authSessionAlerts ?? false;
         sessionInvalidation = project?.authInvalidateSessions ?? false;
     });
 
-    const hasChanges = $derived(
-        authSessionAlerts !== (project?.authSessionAlerts ?? false) ||
-            sessionInvalidation !== (project?.authInvalidateSessions ?? false)
-    );
+    const hasChanges = $derived.by(() => {
+        const alertsChanged = authSessionAlerts !== (project?.authSessionAlerts ?? false);
+        const invalidationChanged =
+            sessionInvalidation !== (project?.authInvalidateSessions ?? false);
+        return alertsChanged || invalidationChanged;
+    });
 
     async function updateSessionSecurity() {
         try {