Index: openacs-4/packages/acs-authentication/tcl/local-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/local-procs.tcl,v diff -u -r1.17 -r1.18 --- openacs-4/packages/acs-authentication/tcl/local-procs.tcl 25 Sep 2003 12:48:35 -0000 1.17 +++ openacs-4/packages/acs-authentication/tcl/local-procs.tcl 25 Sep 2003 13:49:05 -0000 1.18 @@ -243,9 +243,6 @@ return [array get result] } - # Invalidate existing login tokens sitting on random other browsers, just in case - sec_change_user_auth_token $user_id - set result(password_status) "ok" if { [parameter::get -parameter EmailAccountOwnerOnPasswordChangeP -package_id [ad_acs_kernel_id] -default 1] } { Index: openacs-4/packages/acs-authentication/tcl/password-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/password-procs.tcl,v diff -u -r1.4 -r1.5 --- openacs-4/packages/acs-authentication/tcl/password-procs.tcl 16 Sep 2003 13:07:42 -0000 1.4 +++ openacs-4/packages/acs-authentication/tcl/password-procs.tcl 25 Sep 2003 13:49:05 -0000 1.5 @@ -115,7 +115,14 @@ # Check the result code and provide canned responses switch $result(password_status) { - ok {} + ok { + # Invalidate existing login tokens sitting on random other browsers out there + sec_change_user_auth_token $user_id + + # Refresh the current user's cookies, so he doesn't get logged out + ad_user_login -account_status [ad_conn account_status] $user_id + + } no_account - not_supported - old_password_bad - new_password_bad - change_error - failed_to_connect { if { ![exists_and_not_null result(password_message)] } { array set default_message {