I’ve noticed that active sessions on other devices are not logged out, after the user resets the password from email. This is contradicting to the following post:
In my case, we are using implicit flow with form post, not the code-for-token:
Is there a way to automatically sign out user sessions? Thanks.