summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-03-31 20:16:09 -0400
committerTim Graham <timograham@gmail.com>2014-04-05 13:01:03 -0400
commit5891fd3f89337fc190cf671575407233440d2736 (patch)
tree4bf367c7e81e97c81d49d25e3228025a01393445 /docs/ref
parent4ad4a236de1726eac6da1f865c9f2f80e080794f (diff)
[1.7.x] Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. Backport of fd23c06023 from master
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/middleware.txt9
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 7bc7a8e84c..08527e0dd3 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -204,6 +204,15 @@ Adds the ``user`` attribute, representing the currently-logged-in user, to
every incoming ``HttpRequest`` object. See :ref:`Authentication in Web requests
<auth-web-requests>`.
+.. class:: SessionAuthenticationMiddleware
+
+.. versionadded:: 1.7
+
+Allows a user's sessions to be invalidated when their password changes. See
+:ref:`session-invalidation-on-password-change` for details. This middleware must
+appear after :class:`django.contrib.auth.middleware.AuthenticationMiddleware`
+in :setting:`MIDDLEWARE_CLASSES`.
+
CSRF protection middleware
--------------------------