Bug #78739
Updated by Helmut Hummel about 8 years ago
AbstractUserAuthentication stores a copy of the session id (don't ask me why).
When regenerating the session id we need to update this storage as well.
This error was the reason for getting the invalid token message, after a re-login, when IP address changed.
After successful login the id is regenerated. Then the FormProtection framework save the form token to the session
with setAndSaveSessioData, which failed because this method tried to update the session data from the old id.