I disagree with a lot of the answers.

Send the e-mail now “Someone has changed your password. If it was you then you don't need to do anything. If not panic.” This will arrive when it arrives.

Change the password. Though you have eventual consistency. You want to ensure that this session sees changes made by the user.

There are other consistency promises that you can add.

• Ensure that changes happen in time order.
• Ensure that a user never sees a role-back, but other users may still not see the change.
• There are others

These additional consistencies will need to be implemented depending on the deeds of the application.

I have no idea what you mean by “updates the history“, but please never change history. If you are just extending the DAG, then this should cause the change in the current state. They are not independent. If they are then you can not rely in history reflecting what happened. (and last but not least, don't store passwords see how not to store passwords )

I disagree with a lot of the answers.

1. Send the e-mail now “Someone has changed your password. If it was you then you don't need to do anything. If not panic.” This will arrive when it arrives.
2. Change the password. Though you have eventual consistency. You want to ensure that this session sees changes made by the user.

There are other consistency promises that you can add.

• Ensure that changes happen in time order.
• Ensure that a user never sees a roll-back, but other users may still not see the change.
• There are others

These additional consistencies will need to be implemented depending on the deeds of the application.

I have no idea what you mean by “updates the history“ but please never change history. If you are just extending the DAG, then this should cause the change in the current state. They are not independent. If they are then you can not rely on history reflecting what happened. (and last but not least, don't store passwords see how not to store passwords )