A reusable Django app that will invalidate all active sessions after change password.
Since Django 1.7 this feature implemented |warninglink|_.
.. _warninglink: https://docs.djangoproject.com/en/dev/topics/auth/default/#session-invalidation-on-password-change
.. |warninglink| replace:: out of the box
.. image:: https://badge.fury.io/py/django-password-session.png :target: http://badge.fury.io/py/django-password-session
.. image:: https://api.travis-ci.org/atugushev/django-password-session.png :target: https://travis-ci.org/atugushev/django-password-session
.. image:: https://coveralls.io/repos/atugushev/django-password-session/badge.png?branch=master :target: https://coveralls.io/r/atugushev/django-password-session?branch=master
.. code-block:: bash
$ pip install django-password-session.. code-block:: python
INSTALLED_APPS = (
...
'password_session',
).. code-block:: python
MIDDLEWARE_CLASSES = (
...
'password_session.middleware.CheckPasswordHash',
),.. code-block:: python
INSTALLED_APPS = (
...
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
)
AUTHENTICATION_BACKENDS = (
...
'django.contrib.auth.backends.ModelBackend',
)
MIDDLEWARE_CLASSES = (
...
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
).. code-block:: python
from password_session import update_session_auth_hash
update_session_auth_hash(request, user)It's a very simple view for change password just for demonstrating how to update a current session.
.. code-block:: python
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from password_session import update_session_auth_hash
def change_password_view(request):
user = request.user
user.set_password(request.POST.get('password'))
user.save()
update_session_auth_hash(request, user)
return HttpResponse("Hello, %s! Your password has been changed!" % user.username)