Remove admin privileges for session_younger_than validator

Created by: temparus

Admins should not have special privileges with the session_younger_than validator. So administrators should also comply with this validator.

Otherwise, if someone steals the token from an administrator, a password for any user can be set.