User sessions should expire upon password change #328
When a user changes their password (either via password link, or change password form) their current sessions don't expire.
Steps To Reproduce:
It can also be recreated using the normal change password form
This vulnerability has been reported through the Bug bounty program