Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -N -r1.98 -r1.99
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	29 May 2018 15:14:44 -0000	1.98
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	8 Jun 2018 13:39:13 -0000	1.99
@@ -213,11 +213,17 @@
         # $session_expr = PreviousSessionIssue + SessionTimeout
         if { $session_expr - [sec_session_renew] < [ns_time] } {
 
-            # LARS: We abandoned the use of sec_login_handler here. This lets people stay logged in forever
-            # if only the keep requesting pages frequently enough, but the alternative was that
-            # the situation where LoginTimeout = 0 (infinte) and the user unchecks the "Remember me" checkbox
-            # would cause users' sessions to expire as soon as the session needed to be renewed
-            sec_generate_session_id_cookie
+            # # LARS: We abandoned the use of sec_login_handler here. This lets people stay logged in forever
+            # # if only the keep requesting pages frequently enough, but the alternative was that
+            # # the situation where LoginTimeout = 0 (infinte) and the user unchecks the "Remember me" checkbox
+            # # would cause users' sessions to expire as soon as the session needed to be renewed
+            # sec_generate_session_id_cookie
+            
+            # apisano 2018-06-08: as discussed in
+            # https://openacs.org/forums/message-view?message_id=1691183#msg_1691183,
+            # this would break sec_change_user_auth_token as a mean to
+            # invalidate user login...
+            sec_login_handler
         }
 
         #