[keycloak-user] Changing passwords and current sessions

Should changing a password invalidate current sessions, or at least the refresh tokens? Or would a user have to change the password AND log out current sessions to invalidate the current sessions and refresh tokens? To me it seems like the latter is the current behavior, I just wanted to make sure that it is desirable. Thanks, Alarik