It was discussed in the related issue of MDL-58353 that we may be able to consolidate the admin settings 'passwordchangelogout' and 'passwordchangetokendeletion'.

It could be argued that the user does not much care about the difference between these two and may actually find the distinction confusing.

There are a two ways we can handle this:

1. Keep the current admin settings, but give the user only one option whenever it presents itself. I.e., whenever they are asked to log out after a password change, we log them out of everything without differentiating between browser sessions and web apps. The two admin settings would still remain.
2. Actually consolidate the two admin settings and replace the double checkboxes with a single one in all applicable areas.

The affected pages:

• login/change_password.php
• login/set_password_form.php
• report/usersessions/user.php

The change_password.php currently has two checkboxes that can be set to log out other browser sessions and to log out other web apps (see screenshot). Replacing these checkboxes would be a new checkbox which would perform log outs in both these areas.

The report/usersessions/user.php page will require some reworking as it currently only reports on browser sessions. It would need to include web app tokens too.