Re: [Django] #31970: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Django 
#31970: Logging in from one browser logs me out from other browsers (after any
change in PBKDF2PasswordHasher.iterations)
--+--
 Reporter:  אורי  |Owner:  nobody
 Type:  Bug   |   Status:  closed
Component:  contrib.sessions  |  Version:  3.1
 Severity:  Normal|   Resolution:  wontfix
 Keywords:| Triage Stage:  Unreviewed
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+--

Comment (by אורי):

 Thank you, Carlton. I understand. I replied to the mailing list, but just
 in case I'm linking our patch here:

 https://github.com/speedy-net/speedy-
 net/blob/master/speedy/core/patches/session_patches.py

 I also think it would be better to change the number of iterations not
 every 8 months, but every 2 years (with a new LTS release).

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.52341dafc3ffc8ff9336ca280f27e63c%40djangoproject.com.

Re: [Django] #31970: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Django 
#31970: Logging in from one browser logs me out from other browsers (after any
change in PBKDF2PasswordHasher.iterations)
--+--
 Reporter:  אורי  |Owner:  nobody
 Type:  Bug   |   Status:  closed
Component:  contrib.sessions  |  Version:  3.1
 Severity:  Normal|   Resolution:  wontfix
 Keywords:| Triage Stage:  Unreviewed
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+--

Comment (by Carlton Gibson):

 Just for sanity I testing the same upgrading from 2.2 to 3.0. Same result.

 Bottom line is that if you change the password hash, the old session hash
 will no longer validate, the same as described in the
 [https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-
 invalidation-on-password-change Session invalidation on password change]
 docs.

 (I can't see that there's any possibility of a change there...)

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.ada906a6ea92e1c407446df84eb2b002%40djangoproject.com.

Re: [Django] #31970: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Django 
#31970: Logging in from one browser logs me out from other browsers (after any
change in PBKDF2PasswordHasher.iterations)
--+--
 Reporter:  אורי  |Owner:  nobody
 Type:  Bug   |   Status:  closed
Component:  contrib.sessions  |  Version:  3.1
 Severity:  Normal|   Resolution:  wontfix
 Keywords:| Triage Stage:  Unreviewed
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+--
Changes (by Carlton Gibson):

 * resolution:  worksforme => wontfix


Comment:

 OK, yes I see it.

 We update the hasher iterations every release. I can't see that this is
 something we can or will change.

 I don't think requiring sessions to be refreshed once every nine months is
 a big ask.

 I see you've posted to the mailing list (which is correct if you don't
 agree here) so we'll see how that goes.

 Thanks.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.f28aec805c806bf620a2ba1cdbf68f1b%40djangoproject.com.

Re: [Django] #31970: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations) (was: Logging in from one browser logs me out from other browsers

2020-09-02 Thread Django 
#31970: Logging in from one browser logs me out from other browsers (after any
change in PBKDF2PasswordHasher.iterations)
--+--
 Reporter:  אורי  |Owner:  nobody
 Type:  Bug   |   Status:  closed
Component:  contrib.sessions  |  Version:  3.1
 Severity:  Normal|   Resolution:  worksforme
 Keywords:| Triage Stage:  Unreviewed
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+--

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.e9996da476269bfc4be9e871e27cffa4%40djangoproject.com.