From 5891fd3f89337fc190cf671575407233440d2736 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Mon, 31 Mar 2014 20:16:09 -0400 Subject: [1.7.x] Fixed #21649 -- Added optional invalidation of sessions when user password changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. Backport of fd23c06023 from master --- docs/ref/middleware.txt | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'docs/ref') diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 7bc7a8e84c..08527e0dd3 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -204,6 +204,15 @@ Adds the ``user`` attribute, representing the currently-logged-in user, to every incoming ``HttpRequest`` object. See :ref:`Authentication in Web requests `. +.. class:: SessionAuthenticationMiddleware + +.. versionadded:: 1.7 + +Allows a user's sessions to be invalidated when their password changes. See +:ref:`session-invalidation-on-password-change` for details. This middleware must +appear after :class:`django.contrib.auth.middleware.AuthenticationMiddleware` +in :setting:`MIDDLEWARE_CLASSES`. + CSRF protection middleware -------------------------- -- cgit v1.3