Logout User From all Browser When Password is changed

Question

I have a Reset Password page:

When the user fills the details and clicks the Reset Password button. The following controller is called:

Answer 1

The ASP.NET Identity authentication is dependent on cookies on the user's browser. Because you use two different browsers to test it. You will have two different authentication cookies.Until the cookies expire the user is still authenticated That is why you are getting that results.

So you will have to come with some custom implementation.

For instance, always check if the user's has reset the password and has not yet logged in for the first time with the new password. If they haven't, logout them out and redirect to login. When they login a new auth cookie will be created.