diff options
| author | Tim Graham <timograham@gmail.com> | 2014-03-31 20:16:09 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2014-04-05 13:01:03 -0400 |
| commit | 5891fd3f89337fc190cf671575407233440d2736 (patch) | |
| tree | 4bf367c7e81e97c81d49d25e3228025a01393445 /docs/ref | |
| parent | 4ad4a236de1726eac6da1f865c9f2f80e080794f (diff) | |
[1.7.x] Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
Backport of fd23c06023 from master
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/middleware.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 7bc7a8e84c..08527e0dd3 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -204,6 +204,15 @@ Adds the ``user`` attribute, representing the currently-logged-in user, to every incoming ``HttpRequest`` object. See :ref:`Authentication in Web requests <auth-web-requests>`. +.. class:: SessionAuthenticationMiddleware + +.. versionadded:: 1.7 + +Allows a user's sessions to be invalidated when their password changes. See +:ref:`session-invalidation-on-password-change` for details. This middleware must +appear after :class:`django.contrib.auth.middleware.AuthenticationMiddleware` +in :setting:`MIDDLEWARE_CLASSES`. + CSRF protection middleware -------------------------- |
