Restricting access to account?


Let me start with saying that I realize the following problem I am having is due to terrible practice regarding account security. With that being said, I’ll describe the issue I am having.

I have been helping a friend of mine learn javascript, and he has been logging into my account to share my work spaces. We have since had issues where I no longer wish to share my account with him. I have changed my password and searched for a way to view the “sessions” that are logged into my account, but cannot find one. I had assumed changing my password would kick logged in users out, and request a new password.

So for the time being, until he voluntarily logs out, he still has access to my account. Does anyone have suggestions for how to log all users out? Or the best practice for this situation?