Session Does Not Expire On Password Reset

Paras Arora
Nov 21, 2019


So here's my short writeup on this.

To test this, follow these steps:

  1. Sign up for an account on a website you want to test.
  2. Log in with the same account in two browsers simultaneously.
  3. Change the password of the account from any one browser.
  4. If the vulnerability exists, the account will not be logged out in the other browser.

Now you have the account logged in from two browsers: one with the changed password and the other with the old password.

This means that the session established with the old password does not expire.
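
The same two-browser check seen from the server side, as an added example that is not part of the original writeup: a toy in-memory auth service whose `change_password` either leaves existing sessions alone (the behaviour described above) or revokes every session of the user and issues the caller a fresh one. The class, method names and the account `alice` are constructed for illustration.

```python
import hashlib, hmac, os, secrets

class AuthService:
    """Toy in-memory auth service (constructed for illustration)."""

    def __init__(self, revoke_on_password_change=True):
        self.revoke = revoke_on_password_change
        self.users = {}      # username -> (salt, password_hash)
        self.sessions = {}   # session_id -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def signup(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        salt, stored = self.users[username]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def is_active(self, sid):
        return sid in self.sessions

    def change_password(self, sid, new_password):
        username = self.sessions[sid]   # KeyError if the caller's session is invalid
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(new_password, salt))
        if not self.revoke:
            return sid                  # old sessions stay valid (the issue above)
        # Drop every session of this user, then give the caller a fresh ID.
        for s in [s for s, u in self.sessions.items() if u == username]:
            del self.sessions[s]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = username
        return new_sid

def two_browser_check(service):
    """Steps 1-4 from the writeup; True means the other session survived."""
    service.signup("alice", "old-pass")            # constructed test account
    browser_a = service.login("alice", "old-pass")
    browser_b = service.login("alice", "old-pass")
    service.change_password(browser_a, "new-pass")
    return service.is_active(browser_b)
```

`two_browser_check` can serve as a regression test: it should return `False` for any build where a password change is meant to end the account's other sessions.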


Written by Paras Arora

Social media: @parasarora06, Penetration Tester | Application Security
