New version 6.x-2.2 of Secure Password Hashes module

install/CHANGELOG.txt

@@ -67,7 +67,7 @@ SuiteDesk 0.1.0, 2017-07-24
         Security
         + Generate Password 6.x-1.4
         + Password policy 6.x-1.11
-        + Secure Password Hashes 6.x-2.1
+        + Secure Password Hashes 6.x-2.2
         + Secure Pages 6.x-2.1
         + Secure Pages Hijack Prevention 6.x-2.0-rc1
 

modules/phpass/phpass.info

@@ -4,9 +4,8 @@ package = Security
 core = 6.x
 php = 5.2.4
 
-; Information added by Drupal.org packaging script on 2014-11-19
+; Information added by Drupal.org packaging script on 2016-06-22
-version = "6.x-2.1"
+version = "6.x-2.2"
 core = "6.x"
 project = "phpass"
-datestamp = "1416425332"
+datestamp = "1466620440"
-

modules/phpass/phpass.module

@@ -15,6 +15,21 @@ function phpass_user($op, &$edit, &$account, $category = NULL) {
       // Catch password changes and update the password hash.
       if (!empty($edit['pass'])) {
         phpass_user_rehash_password($account, $edit['pass']);
+
+        // If the password changed, delete all open sessions and recreate
+        // the current one. The following code is copied from user.module
+        if (is_object($account) && $account->uid) {
+          sess_destroy_uid($account->uid);
+          if ($account->uid == $GLOBALS['user']->uid) {
+            if (function_exists('drupal_session_regenerate')) {
+              // Support for Pressflow.
+              drupal_session_regenerate();
+            }
+            else {
+              sess_regenerate();
+            }
+          }
+        }
       }
       // Prevent the md5 from being saved on update.
       $edit['pass'] = NULL;