Add session signing based on the value of the user's password
|Reported by:||Tim Graham||Owned by:||Tim Graham|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Add another value
('_auth_user_hash', '<some hash stuff>') based on the HMAC of the user's password hash to session verification. This will have the benefit of allowing a user to log out their other sessions by changing the password. Of course, it should not log out the current session.