Hi

with 1.4.1.6 : if a user changes his password, he is logout (he should login with his new password)
with 1.4.2 : if a user changes his password, he isn't logout

is-it an issue or is-it the right way ?

For me with 1.4.2 when a user changes his password he has to re-log in. I really do not see how this could be any different since the hash code saved when the new password is made will be different and the cookie hash code will not match.

This is presuming that there is no highly unlikely event that the hash of the old and new passwords were identical.

I suggest your browser has cached the page and not asked for a refresh.

you are right !
after other tests, it's OK for me.