On Thu, Jun 19, 2014 at 1:07 PM, Vaal <vaal...@gmail.com> wrote: > This would be useful in a situation when the user changes the password, and > we could remove all the sessions of that user. > For example the user changes the password because he believes that pass has > been compromised. But if the attacker was already has active session - it > will not be interrupted. >
Django 1.7 changes this. See https://docs.djangoproject.com/en/1.7/topics/auth/default/#session-invalidation-on-password-change Regards, -- Ramiro Morales @ramiromorales -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAO7PdF81VrLaF5GsZYxbBEVZsoBNuzXJg%2BW87nQB3_hsXcgYFg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
