When this issue could be resloved? is there any other way that I can show some error message when I use the old password soon after updating the new password?

I manually flushed our Authentication cache earlier this morning.  If you are still able to connect with the old password, that would indicate that that is still the current password.  You can confirm this manually by using the same username/password combination here: http://www.constantcontact.com/login.jsp.

Normally, this would not even be something a typical user sees since there is at most a few minute delay in the Authenticaion cache updating for the API access and this also is only applicable if the API is accessed just before changing the password (which is not a typical user scenario).  The only time I've previously run into this scenario was during internal testing of some password flows when everything was being done in real time.