My Users can change their passwords on a form. If this the form is valid I encode it, invalidate the session by using
$this->get('security.context')->setToken(null);
$this->getSession()->invalidate();
...flush the user to the database and do a redirect (to the same url).
Beside this I have a mechanism to store some information in the session before forwarding and showing this data in the 'forwarded' template.
Both work well on their own, but not together :-)
I can see, that the value is written (after invalidating the session) and I believe, that symfony instantiates a new session.
I just don't know, what happens after that. Maybe symfony is doing 'some magic', because it 'injects' the login-page before show the redirected url.