Add session signing based on the value of the user's password
|Reported by:||timo||Owned by:||timo|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
Add another value ('_auth_user_hash', '<some hash stuff>') based on the HMAC of the user's password hash to session verification. This will have the benefit of allowing a user to log out their other sessions by changing the password. Of course, it should not log out the current session.