diff options
| author | Tim Graham <timograham@gmail.com> | 2016-12-31 13:58:42 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-01-17 20:52:05 -0500 |
| commit | 401c5b2e42bf9134d9221f446765dd0777306f0b (patch) | |
| tree | 1515094fe0de0af1acb1bd0e18b45623384240ab /docs | |
| parent | d334f46b7a080fd3eb720141c19b37b10704a352 (diff) | |
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/2.0.txt | 4 | ||||
| -rw-r--r-- | docs/topics/auth/default.txt | 9 |
2 files changed, 3 insertions, 10 deletions
diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt index ec5e0aada9..3ae58ed858 100644 --- a/docs/releases/2.0.txt +++ b/docs/releases/2.0.txt @@ -212,7 +212,9 @@ Database backend API Miscellaneous ------------- -* ... +* The ``SessionAuthenticationMiddleware`` class is removed. It provided no + functionality since session authentication is unconditionally enabled in + Django 1.10. .. _deprecated-features-2.0: diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index 5869ff0d30..b1f111c092 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -824,15 +824,6 @@ user to the login page or issue an HTTP 403 Forbidden response. Session invalidation on password change ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. versionchanged:: 1.10 - - Session verification is enabled and mandatory in Django 1.10 (there's no - way to disable it) regardless of whether or not - ``SessionAuthenticationMiddleware`` is enabled. In older - versions, this protection only applies if - ``django.contrib.auth.middleware.SessionAuthenticationMiddleware`` - is enabled in :setting:`MIDDLEWARE`. - If your :setting:`AUTH_USER_MODEL` inherits from :class:`~django.contrib.auth.models.AbstractBaseUser` or implements its own :meth:`~django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash()` |
