Workaround for timestamps rounding issues with Rails4.2 and mysql5.7 that may kill user session after password is changed (#17460).

git-svn-id: http://svn.redmine.org/redmine/trunk@14011 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/my_controller.rb

@@ -102,7 +102,7 @@ class MyController < ApplicationController
         if @user.save
           # Reset the session creation time to not log out this session on next
           # request due to ApplicationController#force_logout_if_password_changed
-          session[:ctime] = Time.now.utc.to_i
+          session[:ctime] = User.current.passwd_changed_on.utc.to_i
           flash[:notice] = l(:notice_account_password_updated)
           redirect_to my_account_path
         end

app/models/user.rb

@@ -314,7 +314,7 @@ class User < Principal
   def salt_password(clear_password)
     self.salt = User.generate_salt
     self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-    self.passwd_changed_on = Time.now
+    self.passwd_changed_on = Time.now.change(:usec => 0)
   end
 
   # Does the backend storage allow this user to change their password?