diff options
| author | Tim Graham <timograham@gmail.com> | 2014-03-31 20:16:09 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2014-04-05 12:50:51 -0400 |
| commit | fd23c06023a0585ee743c0752dc94da66694cf63 (patch) | |
| tree | d5aead631b7e7dd4d813326cc6d6d660cf5e8dc5 /docs/ref | |
| parent | 9494f29d4fffc30e6ae111a995ca1d07a0cbf439 (diff) | |
Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/middleware.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 0898ca516a..f7a6768d3c 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -204,6 +204,15 @@ Adds the ``user`` attribute, representing the currently-logged-in user, to every incoming ``HttpRequest`` object. See :ref:`Authentication in Web requests <auth-web-requests>`. +.. class:: SessionAuthenticationMiddleware + +.. versionadded:: 1.7 + +Allows a user's sessions to be invalidated when their password changes. See +:ref:`session-invalidation-on-password-change` for details. This middleware must +appear after :class:`django.contrib.auth.middleware.AuthenticationMiddleware` +in :setting:`MIDDLEWARE_CLASSES`. + CSRF protection middleware -------------------------- |
