Index: openacs-4/packages/acs-authentication/tcl/local-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/local-procs.tcl,v
diff -u -N -r1.17 -r1.18
--- openacs-4/packages/acs-authentication/tcl/local-procs.tcl	25 Sep 2003 12:48:35 -0000	1.17
+++ openacs-4/packages/acs-authentication/tcl/local-procs.tcl	25 Sep 2003 13:49:05 -0000	1.18
@@ -243,9 +243,6 @@
         return [array get result]
     }
 
-    # Invalidate existing login tokens sitting on random other browsers, just in case
-    sec_change_user_auth_token $user_id
-
     set result(password_status) "ok"
 
     if { [parameter::get -parameter EmailAccountOwnerOnPasswordChangeP -package_id [ad_acs_kernel_id] -default 1] } {
Index: openacs-4/packages/acs-authentication/tcl/password-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/password-procs.tcl,v
diff -u -N -r1.4 -r1.5
--- openacs-4/packages/acs-authentication/tcl/password-procs.tcl	16 Sep 2003 13:07:42 -0000	1.4
+++ openacs-4/packages/acs-authentication/tcl/password-procs.tcl	25 Sep 2003 13:49:05 -0000	1.5
@@ -115,7 +115,14 @@
     
     # Check the result code and provide canned responses
     switch $result(password_status) {
-        ok {} 
+        ok {
+            # Invalidate existing login tokens sitting on random other browsers out there
+            sec_change_user_auth_token $user_id
+            
+            # Refresh the current user's cookies, so he doesn't get logged out
+            ad_user_login -account_status [ad_conn account_status] $user_id
+            
+        } 
         no_account - not_supported - old_password_bad - new_password_bad - change_error - failed_to_connect {
             if { ![exists_and_not_null result(password_message)] } {
                 array set default_message {