diff --git a/src/Http/Controllers/CP/Users/PasswordController.php b/src/Http/Controllers/CP/Users/PasswordController.php index 74ad105cdc..e49bd3cb04 100644 --- a/src/Http/Controllers/CP/Users/PasswordController.php +++ b/src/Http/Controllers/CP/Users/PasswordController.php @@ -3,6 +3,7 @@ namespace Statamic\Http\Controllers\CP\Users; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Auth; use Illuminate\Validation\Rules\Password; use Statamic\Events\UserPasswordChanged; use Statamic\Exceptions\NotFoundHttpException; @@ -15,13 +16,15 @@ public function update(Request $request, $user) { throw_unless($user = User::find($user), new NotFoundHttpException); + $updatingOwnPassword = $user->id() == $request->user()->id(); + $this->authorize('editPassword', $user); $rules = [ 'password' => ['required', 'confirmed', Password::default()], ]; - if ($request->user()->id === $user) { + if ($updatingOwnPassword) { $rules['current_password'] = ['required', 'current_password']; } @@ -29,6 +32,10 @@ public function update(Request $request, $user) $user->password($request->password)->save(); + if ($updatingOwnPassword) { + Auth::login($user); + } + UserPasswordChanged::dispatch($user); return response('', 204); diff --git a/src/Http/Middleware/CP/AuthenticateSession.php b/src/Http/Middleware/CP/AuthenticateSession.php new file mode 100644 index 0000000000..a667d2bb5f --- /dev/null +++ b/src/Http/Middleware/CP/AuthenticateSession.php @@ -0,0 +1,13 @@ +middlewareGroup('statamic.cp.authenticated', [ + \Statamic\Http\Middleware\CP\AuthenticateSession::class, \Statamic\Http\Middleware\CP\Authorize::class, \Statamic\Http\Middleware\CP\Localize::class, \Statamic\Http\Middleware\CP\SelectedSite::class, diff --git a/tests/TestCase.php b/tests/TestCase.php index ed04a38a93..fe830c3212 100644 --- a/tests/TestCase.php +++ b/tests/TestCase.php 
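Review bot: The new `$updatingOwnPassword` flag in `update()` is computed with a loose `==`, and it now decides both whether `current_password` is required and whether `Auth::login($user)` runs after the save. Under `==` PHP compares two numeric-looking strings numerically, so two distinct ids could in principle compare equal, depending on the id format the user repository returns, which this hunk does not show. A strict comparison on a normalised type avoids relying on that: `$updatingOwnPassword = (string) $user->id() === (string) $request->user()->id();`. The body of `update()` continues past this hunk.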
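Review bot: The `Auth::login($user)` call added after `save()` in `update()` has no comment explaining why an already authenticated user is logged in again, so a later cleanup could remove it as redundant. Presumably it refreshes the password hash held in the session so the AuthenticateSession middleware registered by this commit keeps the acting session alive while ending the others; if so, say it in the code, e.g. `// Re-login so this session survives the hash change; AuthenticateSession ends the user's other sessions.` It is also worth confirming that `Auth::login()` resolves to the guard the control panel authenticates with and that firing the login event again here is acceptable, since neither is visible in the hunk. The rest of `update()` lies outside this hunk.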
@@ -9,6 +9,7 @@ use Statamic\Facades\File; use Statamic\Facades\Site; use Statamic\Facades\YAML; +use Statamic\Http\Middleware\CP\AuthenticateSession; abstract class TestCase extends \Orchestra\Testbench\TestCase { @@ -24,6 +25,8 @@ protected function setUp(): void $this->withoutVite(); + $this->withoutMiddleware(AuthenticateSession::class); + $uses = array_flip(class_uses_recursive(static::class)); if (isset($uses[PreventSavingStacheItemsToDisk::class])) {
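Review bot: Calling `$this->withoutMiddleware(AuthenticateSession::class)` in the base `setUp()` switches the new session check off for every test that extends this class, so the suite never exercises session invalidation unless a test opts back in. The visible hunks add no test that changes a password with the middleware active. A feature test that re-enables it with `$this->withMiddleware(AuthenticateSession::class);` and asserts that the acting session stays valid while a second session for the same user is rejected would pin the behaviour this commit introduces. A one-line comment above the call stating why the middleware is disabled globally would also help the next reader. `setUp()` starts before and continues after this hunk.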