When a user changes a password, generally the next thing he does is has to log in with the new password because the session stores the old one. Now when a user changes a password, the new password is stored in the session, which enables the user to skip the pointless step of re-entering their new password a third time.