End sessions after password has been changed
Remove open sessions from session table or invalidate them after a user changed the password in order to get rid of sessions used by potential attackers.
This should not include the session used to change the password.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information