For security reasons it’s fairly good practice to invalidate all log-in sessions when a user’s password is changed. This is especially useful when a user’s account has been compromised and they go to change or reset their password. Without log-in session invalidation, the attacker will still be logged in and able to cause chaos.
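One way to get this behaviour, shown as an added example that is not code from the original post: each session records the account's password "epoch" at log-in, and a password change bumps the epoch so every older session fails validation. The `Accounts` class, its in-memory stores and the `epoch` field are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

class Accounts:
    """In-memory stand-in for a user table plus a server-side session table."""

    def __init__(self):
        self.users = {}     # username -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}  # session id -> (username, epoch when issued)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _set_password(self, user, password):
        user["salt"] = os.urandom(16)
        user["pw_hash"] = self._hash(password, user["salt"])

    def _issue(self, username):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, self.users[username]["epoch"])
        return sid

    def register(self, username, password):
        self.users[username] = {"epoch": 0}
        self._set_password(self.users[username], password)

    def login(self, username, password):
        user = self.users.get(username)
        if user is None:
            return None
        ok = hmac.compare_digest(user["pw_hash"], self._hash(password, user["salt"]))
        return self._issue(username) if ok else None

    def current_user(self, sid):
        """Username for a live session; None if unknown or invalidated."""
        username, epoch = self.sessions.get(sid, (None, None))
        if username is None:
            return None
        if epoch != self.users[username]["epoch"]:
            del self.sessions[sid]  # issued before the last password change
            return None
        return username

    def change_password(self, username, new_password):
        user = self.users[username]
        self._set_password(user, new_password)
        user["epoch"] += 1  # every session issued earlier now fails current_user()
        return self._issue(username)  # fresh session for whoever made the change
```

Call `current_user()` on every request, and send the session id returned by `change_password()` back to the person who made the change so they stay logged in under a new identifier.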