Drupal core behaviour is to regenerate the session id when a user changes their password. When using redis_ssi, this will create an inconsistency between the value stored in the cookie (and therefore sent with each request) and the value stored initially in Redis (thanks to the code in redis_ssi_user_login()).

My proposed solution is in the patch attached. Quite straightforwardly, it relies on hook_user_update() to resync the session id to Redis, should it be required.

CommentFileSizeAuthor
redis_ssi-sync-session-id.patch1.06 KBvincenzo