The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.