#165358 by John Morahan: do not regenerate the session when the user is saved without a password specified