This procedure sec_change_user_auth_token changes the user_id's auth token on the serveren the login cookie is checked it is validated against this token. This should do exactly what you want simply.
If that is not working, please investigate and help us fix it.
