#21649: Add session signing based on the value of the user's password ------------------------------+------------------------------------ Reporter: timo | Owner: timo Type: New feature | Status: new Component: contrib.auth | Version: master Severity: Normal | Resolution: Keywords: | Triage Stage: Accepted Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 ------------------------------+------------------------------------
Comment (by PaulM): I think in the past we've done work to preserve sessions across version upgrades. This of course has the downside of making the full benefit of the patch take an extra version to manifest. I personally don't mind sessions going away during upgrade, but I believe that some users of Django may not be comfortable with that. I'd defer to Jacob or Luke or another conservative core dev. The upgrade code path shouldn't be too complex in this case. -- Ticket URL: <https://code.djangoproject.com/ticket/21649#comment:2> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/062.1f811bc93c716e31dd32d1b59475c477%40djangoproject.com. For more options, visit https://groups.google.com/groups/opt_out.