1👍
The approach what you are following is not correct.
If you want to force the user to change the password, set the flag and if flag is true redirect the user to change the password.
If you kill the user will be redirected to login page by default in any web application.
Thanks.
Source:stackexchange.com