the login call can return a restricted sessionId when
the passwordExpired flag is true, have SForce explorer
correctly check the flag and prompt the user to change
their password. Currently if you login with an expired
password, the tries to make other API calls with the
restricted session which fail.