Django developers,

I would like to reopen #31970 <https://code.djangoproject.com/ticket/31970>.
In short, the problem is: if a user is logged in with more than one
browser, and we upgrade Django to any version in which
*PBKDF2PasswordHasher.iterations* changes (which is *any* new version), and
then the user logs in again, this logs them out from all other browsers. I
think this is a bug.

I found out that this can be avoided by changing *def must_update*, for
example if you change it to something like:

def must_update(self, encoded):
    # Update the stored password only if the iterations diff is at
    # least 250,000.
    algorithm, iterations, salt, hash = encoded.split('$', 3)
    iterations_diff = abs(self.iterations - int(iterations))
    return (int(iterations) != self.iterations) and (iterations_diff >= 250000)

Or even simply:

def must_update(self, encoded):
    return False


אורי
u...@speedy.net
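
Added example (not part of the original message and not Django's code): a standalone model of the behaviour reported above, where each session stores an HMAC of the stored password string, as Django's get_session_auth_hash() does, and login re-encodes the password when the iteration count differs. All names, the secret, the salt and the small iteration counts are constructed for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-secret-key"  # stands in for the site's secret key

def encode(password, salt, iterations):
    """Build a 'pbkdf2_sha256$iterations$salt$hash' string."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())

def verify(password, encoded):
    _, iterations, salt, _ = encoded.split("$", 3)
    return hmac.compare_digest(encode(password, salt, int(iterations)), encoded)

def must_update(encoded, current_iterations):
    # Re-hash whenever the stored iteration count differs from the current one.
    return int(encoded.split("$", 3)[1]) != current_iterations

def session_auth_hash(encoded):
    # The session check is keyed on the stored password string itself.
    return hmac.new(SECRET, encoded.encode(), hashlib.sha256).hexdigest()

def login(user, raw_password, current_iterations):
    """Return the auth hash stored in the new session, or None on failure."""
    if not verify(raw_password, user["password"]):
        return None
    if must_update(user["password"], current_iterations):
        # Simplification: the salt is reused, so only the iterations change.
        salt = user["password"].split("$", 3)[2]
        user["password"] = encode(raw_password, salt, current_iterations)
    return session_auth_hash(user["password"])

def session_is_valid(user, stored_hash):
    return hmac.compare_digest(stored_hash, session_auth_hash(user["password"]))

def simulate(old_iterations, new_iterations):
    """Browser A logs in before the upgrade, browser B after it."""
    user = {"password": encode("constructed-pass", "constructedsalt", old_iterations)}
    browser_a = login(user, "constructed-pass", old_iterations)
    browser_b = login(user, "constructed-pass", new_iterations)
    return session_is_valid(user, browser_a), session_is_valid(user, browser_b)

if __name__ == "__main__":
    print("iterations changed:  ", simulate(1000, 1200))
    print("iterations unchanged:", simulate(1000, 1000))
```

In this model, a must_update that always returns False keeps both sessions valid, and it also means stored hashes are never re-encoded at the newer iteration count.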
