diff --git a/app/controllers/api/v2/users_controller.rb b/app/controllers/api/v2/users_controller.rb
index 812d4f8b98..574b8130d6 100644
--- a/app/controllers/api/v2/users_controller.rb
+++ b/app/controllers/api/v2/users_controller.rb
@@ -41,6 +41,7 @@ def update
 validate_json!(User::USER_FIELDS_SCHEMA, user_params)
 @user.update_with_properties(@user_params)
 @user.save!
+ keep_user_signed_in
 end
 def destroy
@@ -73,4 +74,8 @@ def welcome
 def identity_sync
 @user.identity_sync(current_user)
 end
+
+ def keep_user_signed_in
+ bypass_sign_in(@user) if @user.saved_change_to_encrypted_password?
+ end
 end
diff --git a/spec/requests/api/v2/users_controller_spec.rb b/spec/requests/api/v2/users_controller_spec.rb
index 977d7a2279..01c2485f3e 100644
--- a/spec/requests/api/v2/users_controller_spec.rb
+++ b/spec/requests/api/v2/users_controller_spec.rb
@@ -667,6 +667,21 @@
 expect(user1.identity_provider.unique_id).to eq(@identity_provider_b.unique_id)
 end
+ it 'keeps user signed in when password changed' do
+ sign_in(@user_d)
+ params = {
+ data: {
+ password: 'primer0!',
+ password_confirmation: 'primer0!'
+ }
+ }
+ patch("/api/v2/users/#{@user_d.id}", params:)
+ expect(response).to have_http_status(200)
+ get('/api/v2/roles')
+ expect(response).to have_http_status(200)
+ expect(controller.current_user).to eq(@user_d)
+ end
+
 it "returns 403 if user isn't authorized to update users" do
 login_for_test
 params = {
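Review bot: The new `keep_user_signed_in` call after `@user.save!` re-establishes the session for `@user`, the record being updated, without checking that it is the caller; if `update` is also reachable by a user authorized to edit other accounts (the neighbouring spec's "returns 403 if user isn't authorized to update users" suggests it is), changing someone else's password would switch the requester's session to the target account. The guard defined in the second hunk should compare the two before bypassing: `bypass_sign_in(@user) if @user == current_user && @user.saved_change_to_encrypted_password?`. `update` begins before this hunk, so how `@user` is loaded is not visible here.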
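Review bot: `keep_user_signed_in` is added as a public instance method right after `identity_sync`; in a Rails controller every public method is a candidate action, so unless a `private` marker precedes it outside the hunk it belongs under `private` (e.g. `private def keep_user_signed_in`). A one-line comment on the method would also help the next reader, since `bypass_sign_in` is non-obvious: `# Re-sign the current session after a password change so the caller is not logged out when the authenticatable salt changes.`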
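Review bot: The new example only covers a user changing their own password (`sign_in(@user_d)` followed by a PATCH on `@user_d.id`), so it cannot catch the case where an authorized user updates someone else's password and the session is re-signed as the wrong account. A companion example that signs in as a user allowed to update others, patches a different user's password, issues a follow-up request and asserts `expect(controller.current_user).to eq(<the signed-in user>)` would pin that behaviour. The surrounding `describe` block starts and ends outside this hunk.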