A common problem for form authentication is wanting to have a password change feature that does not require a logout/login cycle to update the session id/password association. We need to look into whether there is a secure way to support updating the session password to avoid this.