change authentication cookie as well at client side in same transaction.
This way a logged in user is able to change current password without
being kicked out of the system within.