summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth.txt5
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt
index 528c7c8718..1e73abd5a1 100644
--- a/docs/topics/auth.txt
+++ b/docs/topics/auth.txt
@@ -1783,8 +1783,9 @@ processing at the first positive match.
Once a user has authenticated, Django stores which backend was used to
authenticate the user in the user's session, and re-uses the same backend
- for subsequent authentication attempts for that user. This effectively means
- that authentication sources are cached, so if you change
+ for the duration of that session whenever access to the currently
+ authenticated user is needed. This effectively means that authentication
+ sources are cached on a per-session basis, so if you change
:setting:`AUTHENTICATION_BACKENDS`, you'll need to clear out session data if
you need to force users to re-authenticate using different methods. A simple
way to do that is simply to execute ``Session.objects.all().delete()``.