Admin password/email changed and he still logged in and carried operations
#3

(12-13-2018, 03:07 AM)Pertti Wrote: So the problem is that once session is created, it on its own does not know that it should log user out.

I might be wrong, but I assume searching for sessions connected to specific users is also going to be more work than it's worth, depending on your site usage and which storage engine you use, potentially even impossible.

You could create table for forced re-logins, so if user password or email is changed, it adds record with user ID in that table.

For every logged in admin request, you check if current session user ID is present, if so, log user out, remove record.

It adds 1 additional check for every single request, but that's probably only way you can make sure users are logged out the second changes were made.

I think your last option is what's worth implementing. Thank you very much Pertti
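The forced re-login table described in the quoted post, as an added example that is not part of the original thread. It goes one step beyond the post: instead of removing the record on the first logout, it keeps a change timestamp and compares it with the session's login time, so every session opened before the change is ended, not only the first one to make a request. The table name `forced_relogin` and the session keys `user_id` and `logged_in_at` are assumptions.

```python
import sqlite3


def open_db():
    """In-memory database holding the (assumed) forced_relogin table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE forced_relogin ("
        " user_id INTEGER PRIMARY KEY,"
        " changed_at INTEGER NOT NULL)"
    )
    return db


def credentials_changed(db, user_id, now):
    """Call from the code path that updates a user's password or email."""
    db.execute(
        "INSERT OR REPLACE INTO forced_relogin (user_id, changed_at)"
        " VALUES (?, ?)",
        (user_id, now),
    )
    db.commit()


def check_request(db, session):
    """The one extra check per logged-in request.

    Returns True if the session may continue. If the credentials changed
    at or after the moment this session logged in, the session is cleared
    (logged out) and False is returned.
    """
    user_id = session.get("user_id")
    if user_id is None:
        return False  # not logged in at all
    row = db.execute(
        "SELECT changed_at FROM forced_relogin WHERE user_id = ?",
        (user_id,),
    ).fetchone()
    # Fail closed: a login in the same second as the change is rejected too.
    if row is not None and session["logged_in_at"] <= row[0]:
        session.clear()
        return False
    return True
```

A session created by logging in again after the change carries a later `logged_in_at` and passes the check, so the record never has to be deleted.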


Messages In This Thread
RE: Admin password/email changed and he still logged in and carried operations - by codingdreams - 12-13-2018, 01:45 PM


