Fixed #21649 -- Added optional invalidation of sessions when user password changes.

Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2025-10-24 06:06:09 +00:00 · 2014-03-31 20:16:09 -04:00
parent 9494f29d4f
commit fd23c06023
12 changed files with 246 additions and 6 deletions
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -204,6 +204,15 @@ Adds the ``user`` attribute, representing the currently-logged-in user, to
 every incoming ``HttpRequest`` object. See :ref:`Authentication in Web requests
 <auth-web-requests>`.

+.. class:: SessionAuthenticationMiddleware
+
+.. versionadded:: 1.7
+
+Allows a user's sessions to be invalidated when their password changes. See
+:ref:`session-invalidation-on-password-change` for details. This middleware must
+appear after :class:`django.contrib.auth.middleware.AuthenticationMiddleware`
+in :setting:`MIDDLEWARE_CLASSES`.
+
 CSRF protection middleware
 --------------------------