diff --git a/app/controllers/Clas.scala b/app/controllers/Clas.scala
index 0c1e4ed2ca..26817c9ea0 100644
--- a/app/controllers/Clas.scala
+++ b/app/controllers/Clas.scala
@@ -358,7 +358,8 @@ final class Clas(
   def studentResetPassword(id: String, username: String) = Secure(_.Teacher) { _ => me =>
     WithClass(me, id) { _ => clas =>
       WithStudent(clas, username) { s =>
-        env.clas.api.student.resetPassword(s.student) map { password =>
+        env.security.store.closeAllSessionsOf(s.user.id) >>
+          env.clas.api.student.resetPassword(s.student) map { password =>
           Redirect(routes.Clas.studentShow(clas.id.value, username))
             .flashing("password" -> password.value)
         }
diff --git a/modules/security/src/main/Store.scala b/modules/security/src/main/Store.scala
index 91baf4aab4..d961073851 100644
--- a/modules/security/src/main/Store.scala
+++ b/modules/security/src/main/Store.scala
@@ -92,6 +92,15 @@ final class Store(val coll: Coll, localIp: IpAddress)(implicit ec: scala.concurr
       )
       .void
 
+  def closeAllSessionsOf(userId: User.ID): Funit =
+    coll.update
+      .one(
+        $doc("user" -> userId, "up" -> true),
+        $set("up"   -> false),
+        multi = true
+      )
+      .void
+
   // useful when closing an account,
   // we want to logout too
   def disconnect(userId: User.ID): Funit =