A reusable Django app that will invalidate all active sessions after change password.
Since Django 1.7 this feature implemented out of the box.
$ pip install django-password-session
INSTALLED_APPS = (
...
'password_session',
)
MIDDLEWARE_CLASSES = (
...
'password_session.middleware.CheckPasswordHash',
),
INSTALLED_APPS = (
...
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
)
AUTHENTICATION_BACKENDS = (
...
'django.contrib.auth.backends.ModelBackend',
)
MIDDLEWARE_CLASSES = (
...
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
)
from password_session import update_session_auth_hash update_session_auth_hash(request, user)
It's a very simple view for change password just for demonstrating how to update a current session.
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from password_session import update_session_auth_hash
def change_password_view(request):
user = request.user
user.set_password(request.POST.get('password'))
user.save()
update_session_auth_hash(request, user)
return HttpResponse("Hello, %s! Your password has been changed!" % user.username)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4