Isn't the redirect automatically happening via auth.settings.change_password_next?, if this is the case, I believe you would need session.flash.
Why are you using javascript's "document.location=..." instead of web2py's redirect?. The session.flash might be lost because of these javascript redirection.
