add an array of session ids to retain.

services/web/app/coffee/Features/User/UserController.coffee

@@ -121,7 +121,7 @@ module.exports = UserController =
 					logger.log user: user, "password changed"
 					AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->
 						return next(error) if error?
-						UserSessionsManager.revokeAllUserSessions user, (err) ->
+						UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->
 							return next(err) if err
 							res.send
 								message:

services/web/app/coffee/Features/User/UserSessionsManager.coffee

@@ -2,6 +2,7 @@ Settings = require('settings-sharelatex')
 redis = require('redis-sharelatex')
 logger = require("logger-sharelatex")
 Async = require('async')
+_ = require('underscore')
 
 rclient = redis.createClient(Settings.redis.web)
 
@@ -57,7 +58,9 @@ module.exports = UserSessionsManager =
 				UserSessionsManager._checkSessions(user, () ->)
 				callback()
 
-	revokeAllUserSessions: (user, callback=(err)->) ->
+	revokeAllUserSessions: (user, retain, callback=(err)->) ->
+		if !retain
+			retain = []
 		if !user
 			logger.log {}, "no user to revoke sessions for, returning"
 			return callback(null)
@@ -67,10 +70,11 @@ module.exports = UserSessionsManager =
 			if err
 				logger.err {err, user_id: user._id, sessionSetKey}, "error getting contents of UserSessions set"
 				return callback(err)
-			logger.log {user_id: user._id, count: sessionKeys.length}, "deleting sessions for user"
+			keysToDelete = _.filter(sessionKeys, (k) => k not in retain)
+			logger.log {user_id: user._id, count: keysToDelete.length}, "deleting sessions for user"
 			rclient.multi()
-				.del(sessionKeys)
-				.srem(sessionSetKey, sessionKeys)
+				.del(keysToDelete)
+				.srem(sessionSetKey, keysToDelete)
 				.exec (err, result) ->
 					if err
 						logger.err {err, user_id: user._id, sessionSetKey}, "error revoking all sessions for user"

services/web/test/UnitTests/coffee/User/UserControllerTests.coffee

@@ -47,7 +47,7 @@ describe "UserController", ->
 		@UserSessionsManager =
 			trackSession: sinon.stub()
 			untrackSession: sinon.stub()
-			revokeAllUserSessions: sinon.stub().callsArgWith(1, null)
+			revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
 		@UserController = SandboxedModule.require modulePath, requires:
 			"./UserLocator": @UserLocator
 			"./UserDeleter": @UserDeleter

services/web/test/UnitTests/coffee/User/UserSessionsManager.coffee

@@ -254,7 +254,7 @@ describe 'UserSessionsManager', ->
 			@rclient.smembers.callsArgWith(1, null, @sessionKeys)
 			@rclient.exec.callsArgWith(0, null)
 			@call = (callback) =>
-				@UserSessionsManager.revokeAllUserSessions @user, callback
+				@UserSessionsManager.revokeAllUserSessions @user, [], callback
 
 		it 'should not produce an error', (done) ->
 			@call (err) =>
@@ -266,10 +266,13 @@ describe 'UserSessionsManager', ->
 			@call (err) =>
 				@rclient.smembers.callCount.should.equal 1
 				@rclient.multi.callCount.should.equal 1
+
 				@rclient.del.callCount.should.equal 1
-				@rclient.del.firstCall.args[0].should.deep.equal(@sessionKeys)
+				expect(@rclient.del.firstCall.args[0]).to.deep.equal @sessionKeys
+
 				@rclient.srem.callCount.should.equal 1
-				@rclient.srem.firstCall.args[1].should.deep.equal(@sessionKeys)
+				expect(@rclient.srem.firstCall.args[1]).to.deep.equal @sessionKeys
+
 				@rclient.exec.callCount.should.equal 1
 				done()
 
@@ -287,7 +290,7 @@ describe 'UserSessionsManager', ->
 
 			beforeEach ->
 				@call = (callback) =>
-					@UserSessionsManager.revokeAllUserSessions null, callback
+					@UserSessionsManager.revokeAllUserSessions null, [], callback
 
 			it 'should not produce an error', (done) ->
 				@call (err) =>