Issue #1939132 by lauriii, Albert Volkman, trawekp, David_Rothstein: Password reset token is never deleted from the user's session after the password is changed.