End sessions after password has been changed
Remove open sessions from session table or invalidate them after a user changed the password in order to get rid of sessions used by potential attackers.
This should not include the session used to change the password.