@Fragmented_Cat had pointed out to me on Steam when you change your password on one device, normally that should invalidate the existing session on any other devices you are logged onto. In this case it doesn't. I'm not talking about passwords being saved on your browser, this is for when you choose to allow the site to remember your session as long as your, password stays the same, or cookies/cache are still there or you haven't wiped out your saved passwords on your browser.
I think I may recall this happening to me. I know most of the users on this site will not be stupid enough to leave themselves logged on in public devices as such but would this foolproof unsuspecting users?
In summary, my guess is Drupal and Discourse aren't playing well with each other.