diff --git a/tests/password-update-test.js b/tests/password-update-test.js
index a33ac55680e34f4f5bfc6c2c3c06691b4d77d0a2..173794d518f2bdb59bcca4356e34079b197d868a 100755
--- a/tests/password-update-test.js
+++ b/tests/password-update-test.js
@@ -92,6 +92,30 @@ suite.addBatch({
   }
 });
 
+var context2 = {};
+suite.addBatch({
+  "establishing a second session": {
+    topic: wsapi.post('/wsapi/authenticate_user', {
+      email: TEST_EMAIL,
+      pass: OLD_PASSWORD,
+      ephemeral: false
+    }, context2),
+    "works as expected": function(err, r) {
+      assert.strictEqual(JSON.parse(r.body).success, true);
+    }
+  }
+});
+
+suite.addBatch({
+  "using the second session": {
+    topic: wsapi.post('/wsapi/prolong_session', {}, context2),
+    "works as expected": function(err, r) {
+      assert.strictEqual(r.code, 200);
+      assert.strictEqual(r.body, "OK");
+    }
+  }
+});
+
 suite.addBatch({
   "updating the password without specifying a proper old password": {
     topic: wsapi.post('/wsapi/update_password', {
@@ -148,6 +172,12 @@ suite.addBatch({
     "fails as expected": function(err, r) {
       assert.strictEqual(JSON.parse(r.body).success, false);
     }
+  },
+  "using the other (expired) session": {
+    topic: wsapi.post('/wsapi/prolong_session', {}, context2),
+    "fails as expected": function(err, r) {
+      assert.strictEqual(r.code, 403);
+    }
   }
 });