A user is authenticated even if the password is changed.
If a user is logged in with the Remember Me option enabled, you cannot stop the session until the cookie expires.