It'd be helpful to allow resetting passwords for users without logging them out of all of their sessions. When a user doesn't have their security key saved properly, as many do, this will prevent them from loosing access to their message history. What I'd imagine is a query parameter for the user update endpoint, that allows choosing between no logout at all, a soft-logout and a real logout, with the default being the real logout to not have a breaking change there.

I think a soft-logout is probably always the desired thing to do here, but there's also cases where no logout at all is the best option.

For additional context: Awesome-Technologies/synapse-admin#268