summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-12-31 13:58:42 -0500
committerTim Graham <timograham@gmail.com>2017-01-17 20:52:05 -0500
commit401c5b2e42bf9134d9221f446765dd0777306f0b (patch)
tree1515094fe0de0af1acb1bd0e18b45623384240ab /docs
parentd334f46b7a080fd3eb720141c19b37b10704a352 (diff)
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/2.0.txt4
-rw-r--r--docs/topics/auth/default.txt9
2 files changed, 3 insertions, 10 deletions
diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt
index ec5e0aada9..3ae58ed858 100644
--- a/docs/releases/2.0.txt
+++ b/docs/releases/2.0.txt
@@ -212,7 +212,9 @@ Database backend API
Miscellaneous
-------------
-* ...
+* The ``SessionAuthenticationMiddleware`` class is removed. It provided no
+ functionality since session authentication is unconditionally enabled in
+ Django 1.10.
.. _deprecated-features-2.0:
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index 5869ff0d30..b1f111c092 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -824,15 +824,6 @@ user to the login page or issue an HTTP 403 Forbidden response.
Session invalidation on password change
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. versionchanged:: 1.10
-
- Session verification is enabled and mandatory in Django 1.10 (there's no
- way to disable it) regardless of whether or not
- ``SessionAuthenticationMiddleware`` is enabled. In older
- versions, this protection only applies if
- ``django.contrib.auth.middleware.SessionAuthenticationMiddleware``
- is enabled in :setting:`MIDDLEWARE`.
-
If your :setting:`AUTH_USER_MODEL` inherits from
:class:`~django.contrib.auth.models.AbstractBaseUser` or implements its own
:meth:`~django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash()`