Usually it's happened that when you change password or sign out from one place (or one browser), automatically someone who is open same account will sign out too from another browser. Basically your session destroyed at server side... But in your site, it still alive..
Detail About Vulnerability and PoC on Attachment File
Noted: You can try these vulnerability in another site. (e.g cryptfolio.com, facebook.com, etc). It's not alive when another has changed password and sign out
For More Information about This Vulnerability You can check OWASP Guide
Account profile still can be edited even in another browser the account has signedout and changed password