Destroy all sessions on password reset (rails#54524)

Author: izaguirrejoe

railties/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt

@@ -19,6 +19,7 @@ class PasswordsController < ApplicationController
 
   def update
     if @user.update(params.permit(:password, :password_confirmation))
+      @user.sessions.destroy_all
       redirect_to new_session_path, notice: "Password has been reset."
     else
       redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."