Force logout in any open sessions when a user resets their password

src/Auth.php

@@ -1248,12 +1248,8 @@ final class Auth extends UserManager {
 				if (\password_verify($token, $resetData['token'])) {
 					if ($resetData['expires'] >= \time()) {
 						$newPassword = self::validatePassword($newPassword);
-
-						// update the password in the database
 						$this->updatePasswordInternal($resetData['user'], $newPassword);
-
+						$this->forceLogoutForUserById($resetData['user']);
-						// delete any remaining remember directives
-						$this->deleteRememberDirectiveForUserById($resetData['user']);
 
 						try {
 							$this->db->delete(