Existing sessions are not correctly invalidated when a user changes their password

PKSA-fcyb-3n6p-v7sp CVE-2019-10641

Affected version: >=3.0.0,<3.5.39

Reported by:
FriendsOfPHP/security-advisories