I do not think there is anything to reopen because it works as designed. 
Password changes cause other browser sessions to be terminated because the 
session auth hash no longer matches.  You can use a custom user model and 
override `get_session_auth_hash` but the defaults won't change, sorry.

On Thursday, September 3, 2020 at 4:56:13 AM UTC+2 Uri wrote:

> Django developers,
>
> I would like to reopen #31970 
> <https://code.djangoproject.com/ticket/31970>. In short, the problem is: 
> if a user is logged in with more than one browser, and we upgrade 
> Django to any version in which *PBKDF2PasswordHasher.iterations* changes 
> (which is *any* new version), and then the user logs in again, this logs 
> them out from all other browsers. I think this is a bug.
>
> I found out that this can be avoided by changing *def must_update*, for 
> example if you change it to something like:
>
> def must_update(self, encoded):
>     # Update the stored password only if the iterations diff is at least 250,000.
>     algorithm, iterations, salt, hash = encoded.split('$', 3)
>     iterations_diff = abs(self.iterations - int(iterations))
>     return ((int(iterations) != self.iterations) and (iterations_diff >= 250000))
>
> Or even simply:
>
> def must_update(self, encoded):
>     return False
>
>
> אורי
> u...@speedy.net
>
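
The mechanism discussed in this thread, as an added example that is not part of the original messages and is not Django's own code: a standard-library model of how re-hashing a password on login changes the session auth hash and invalidates a session opened in another browser. The function names, the secret, the salt and the small iteration counts are constructed assumptions, and the HMAC here is a simplification of `get_session_auth_hash`.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-secret-key"  # constructed sample value


def encode_pbkdf2(password, salt, iterations):
    """Build a string in the algorithm$iterations$salt$hash layout the quoted code splits."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def must_update(encoded, current_iterations):
    """Default-style check: re-hash whenever the stored iteration count differs."""
    _algorithm, iterations, _salt, _hash = encoded.split("$", 3)
    return int(iterations) != current_iterations


def session_auth_hash(encoded_password):
    """Simplified model: an HMAC keyed by the site secret over the stored password field."""
    return hmac.new(SECRET_KEY, encoded_password.encode(), hashlib.sha256).hexdigest()


def session_is_valid(stored_session_hash, encoded_password):
    """A session stays valid only while its saved hash matches the current one."""
    return hmac.compare_digest(stored_session_hash, session_auth_hash(encoded_password))


def login(password, encoded, current_iterations):
    """Verify the password, then upgrade the stored value if must_update says so."""
    _algorithm, iterations, salt, _hash = encoded.split("$", 3)
    if not hmac.compare_digest(encode_pbkdf2(password, salt, int(iterations)), encoded):
        raise ValueError("wrong password")
    if must_update(encoded, current_iterations):
        # Salt reused for determinism (an assumption); the new count alone changes the string.
        encoded = encode_pbkdf2(password, salt, current_iterations)
    return encoded


def demo():
    old_iters, new_iters = 1000, 1200  # small constructed counts so this runs fast
    stored = encode_pbkdf2("correct horse", "saltsalt", old_iters)
    browser_a = session_auth_hash(stored)  # session opened before the upgrade
    stored = login("correct horse", stored, new_iters)  # browser B logs in afterwards
    return session_is_valid(browser_a, stored), stored.split("$")[1]
```

`demo()` returns whether browser A's session still validates after browser B's login and the iteration count now stored.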
