Comment 3 for bug 1046114

Probably because we're drawing their institution memberships from the database when they log in, and then storing them in the user's session and not checking for updates on subsequent page loads (since it's quite rare for a user's institution memberships to change).

We could force the user to log out and back in again, though, by calling the function remove_user_sessions($userid). For instance, this is what we call in admin/users/edit.php, when an admin changes a user's account settings, to force them to log out and back in again.

Cheers,
Aaron