diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -114,6 +114,11 @@
 end
 end
+ # check if password is changed
+ if session[:last_password_hash] != @current_user.hashed_password
+ unauthorized_redirect 'You are forced to log out.'
+ end
+
 if GraderConfiguration.multicontests?
 return true if @current_user.admin?
 begin
diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@@ -1,7 +1,7 @@
 class LoginController < ApplicationController
 @@authenticators = []
-
+
 def index
 # show login screen
 reset_session
@@ -34,6 +34,7 @@
 #process logging in
 session[:user_id] = user.id
+ session[:last_password_hash] = user.hashed_password
 session[:admin] = user.admin?
 # clear forced logout flag for multicontests contest change
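Review bot: Nothing in the added block stops the filter after `unauthorized_redirect 'You are forced to log out.'`, so unless that helper (defined outside this hunk) halts on its own, execution falls through into the `GraderConfiguration.multicontests?` branch, which can still `return true` for an admin or issue a second redirect. Add `return false` on the line after the redirect call so a stale session never reaches the later checks. Sessions created before this change have no `:last_password_hash`, so `nil != @current_user.hashed_password` will log every existing user out once; a comment such as `# sessions without :last_password_hash (pre-upgrade) are treated as stale` would make that intentional. The enclosing method starts and ends outside the hunk.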
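Review bot: `session[:last_password_hash] = user.hashed_password` copies the stored password hash into the session. If the app uses a cookie-backed session store (the configuration is not visible here), the hash leaves the server with every response, and a signed-but-unencrypted cookie would make it readable by the client and by anything that captures the cookie. Store a value derived from it instead, e.g. `session[:last_password_hash] = Digest::SHA256.hexdigest(user.hashed_password)`, and compare against the same digest in the ApplicationController check. The login action starts and ends outside the hunk.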