pub async fn set_password(db: &Db, id: i64, password: &str) -> Result<(), Error>Expand description
Replace a user’s password hash and invalidate every live session for that user in the same transaction.
Without the session sweep, a cookie stolen before the password change would survive the rotation. After this call, the user must sign in again on every device — which is the intent of a password change.