On Thu, Jun 19, 2014 at 1:07 PM, Vaal <[email protected]> wrote: > This would be useful in a situation when the user changes the password, and > we could remove all the sessions of that user. > For example the user changes the password because he believes that pass has > been compromised. But if the attacker was already has active session - it > will not be interrupted. >
Django 1.7 changes this. See https://docs.djangoproject.com/en/1.7/topics/auth/default/#session-invalidation-on-password-change Regards, -- Ramiro Morales @ramiromorales -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAO7PdF81VrLaF5GsZYxbBEVZsoBNuzXJg%2BW87nQB3_hsXcgYFg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
