From 21dd1c3dafe4cfdc31748da4aae3027d63316d70 Mon Sep 17 00:00:00 2001
From: joshuaruesweg <ruesweg@woltlab.com>
Date: Mon, 26 Oct 2020 11:05:35 +0100
Subject: [PATCH] Delete sessions after password change Closes #3635 Closes
 #3641

---
 wcfsetup/install/files/lib/data/user/UserAction.class.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index e2de2fe17e..772e2b3e9a 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -20,6 +20,7 @@ use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
 use wcf\system\language\LanguageFactory;
 use wcf\system\request\RequestHandler;
+use wcf\system\session\SessionHandler;
 use wcf\system\user\group\assignment\UserGroupAssignmentHandler;
 use wcf\system\WCF;
 use wcf\util\UserRegistrationUtil;
@@ -325,6 +326,13 @@ class UserAction extends AbstractDatabaseObjectAction implements IClipboardActio
 					}
 				}
 			}
+			
+			if (array_key_exists('password', $this->parameters['data'])) {
+				foreach ($this->getObjects() as $object) {
+					SessionHandler::getInstance()->deleteUserSessionsExcept($object->getDecoratedObject(), SessionHandler::getInstance()->sessionID);
+					SessionHandler::getInstance()->deleteAcpSessionsExcept($object->getDecoratedObject(), SessionHandler::getInstance()->sessionID);
+				}
+			}
 		}
 		else {
 			if (empty($this->objects)) {
-- 
2.20.1