The password is a "tinytext", whatever that is. (I know Postgres, not MySQL.) If the page timed out and it claims that you are not logged in, the new password is in effect. My guess is that a tinytext is shorter than 28 characters. Try the first 16 characters, and other lengths, of your password.
Scratch that idea. A tinytext is up to 255 characters.
phma