The password is a "tinytext", whatever that
is. (I know Postgres, not
MySQL.) If the page timed out and it claims that you are not logged in, the
new password is in effect. My guess is that a tinytext is shorter than 28
characters. Try the first 16 characters, and other lengths, of your
password.
Scratch that idea. A tinytext is up to 255 characters.
phma