There is an user sessions issue on your application that should be fixed.
Steps to reproduce the bug :
Step 1 : Go to Browser A at and login with your credentials at https://www.activecampaign.com/login/ and login with your credentials.
Step 2 : Similarly, Go to Browser B at and login with your same credentials at https://www.activecampaign.com/login and login with your credentials.
Step 3 : Suppose Browser B is an shared computer’s browser, and you left your account logged in at that computer. Go to Browser A and change your account
Step 4 : When you change your account password at Browser A , the session at Browser B should expire and the account should automatically logged out.
Step 5 : Go to Browser B , and visit your account page and refresh the page.
You will notice that even after changing the account password at Browser A , the session at Browser B didn’t expired which can cause major problems. And also after that i can change user information
Authentication and session management includes all aspects of handling user authentication and managing active sessions. Authentication is a critical aspect of this process, but even solid authentication mechanisms can be undermined by flawed credential management functions, including password change, forgot my password, remember my password, account update, and other related functions. Because “walk by” attacks are likely for many web applications, all account management functions should require reauthentication even if the user has a valid session id.