Please note I've already consulted secur...@djangoproject.com about this and Jacob told me to post it here if I wanted to.
One problem with authenticated sessions is that, upon de-activation of a user's account, any sessions that user has remain live until they log out. I think it would be a good idea to add a middleware to auth which checked is_active and, if it was found to be False, redirected the user to the logout URL. Indeed it may look something like this: http://dpaste.com/184192/

-Steve
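
An added sketch of the middleware proposed in the message above; it is not part of the original post and is not the code behind the dpaste link. It assumes a Django version where middleware is a callable wrapping `get_response` and `is_authenticated` is a property; the class name, the `/accounts/logout/` path and the injectable `redirect` parameter are hypothetical.

```python
"""Django-style middleware: end the session of a user deactivated mid-session."""

LOGOUT_URL = "/accounts/logout/"  # assumption: the project's logout path


class DeactivatedUserMiddleware:
    """List this after the session and authentication middleware so that
    request.session and request.user are already populated."""

    def __init__(self, get_response, redirect=None, logout_url=LOGOUT_URL):
        if redirect is None:
            # Default to Django's redirect response. Imported lazily so the
            # class can also be exercised with stub objects.
            from django.http import HttpResponseRedirect as redirect
        self.get_response = get_response
        self.redirect = redirect      # hypothetical injection point
        self.logout_url = logout_url

    def __call__(self, request):
        user = getattr(request, "user", None)
        if (
            user is not None
            and getattr(user, "is_authenticated", False)
            and not user.is_active
        ):
            # Destroy the server-side session immediately, so the cookie is
            # useless even if the client never follows the redirect.
            request.session.flush()
            # Let a request for the logout URL itself through; redirecting
            # it again would loop.
            if request.path != self.logout_url:
                return self.redirect(self.logout_url)
        return self.get_response(request)
```

The check runs on every request, so the window between deactivation and session termination shrinks to the time until the user's next request.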