auto sign out after password change

model.py

@@ -866,3 +866,12 @@ def change_password(session_id, password):
                 SET password = ?
                 WHERE ? IN (SELECT session_id FROM sessions WHERE sessions.user_id = users.rowid)
                 ''', (password, session_id,))
+
+
+def sign_out_user(session_id):
+    connect()
+
+    cursor.execute('''
+        DELETE FROM sessions s1
+        WHERE user_id = (SELECT user_id FROM sessions s2 WHERE session_id = ?)
+        ''', (session_id,))

server_controller.py

@@ -159,6 +159,7 @@ def change_password():
     if missing:
         return bad_request(missing)
     model.change_password(request.json['session_id'], request.json['password'])
+    model.sign_out_user(request.json['session_id'])
     return {'message': "Successfully deleted order"}