Clear existing session when user change password
I think it is a good security measure because it will guarantee to the user if its user was compromised that after changing the password, any stolen session will be invalidated.
We should probably keep the current session.