Btw I wrote a reusable application for this subject. Here is the link if it
could help someone:
https://github.com/alikus/django-password-session
On Tuesday, October 2, 2012, at 18:23:25 UTC+4, Dirley Rodrigues
wrote:
>
> I've recently discovered this issue with my django based
So, thank you for the insights. I ended up with a solution that is a mix of
what you've proposed here.
Each time a user logs in, its current *session validation token* is saved on
the session. It is easy to code this using the `user_logged_in` signal.
Then, I've changed the logic of the code
Yeah, this debate is borderline silly now.
OP, in a nutshell;
1) It is completely acceptable to revoke all other sessions after a
password change
2) There are many ways to revoke sessions, pick one that is right for your
use case.
3) Whether session revoking is enforced or optional is a choice
On Tue, Oct 2, 2012 at 7:50 PM, Cal Leeming [Simplicity Media Ltd]
wrote:
> On Tue, Oct 2, 2012 at 5:23 PM, Tom Evans wrote:
>> I did not say that it was not a desired feature, I said that
>> *personally* I would not have that
On Tue, Oct 2, 2012 at 9:45 PM, Dennis Lee Bieber wrote:
> On Tue, 2 Oct 2012 17:23:01 +0100, Tom Evans
> declaimed the following in gmane.comp.python.django.user:
>
> >
> > I did not say that it was not a desired feature, I said that
> >
On Tue, Oct 2, 2012 at 5:23 PM, Tom Evans wrote:
> On Tue, Oct 2, 2012 at 4:43 PM, Cal Leeming [Simplicity Media Ltd]
> wrote:
> >
> >
> > On Tue, Oct 2, 2012 at 3:51 PM, Tom Evans
> wrote:
> >>
> >> On
On Tue, Oct 2, 2012 at 4:43 PM, Cal Leeming [Simplicity Media Ltd]
wrote:
>
>
> On Tue, Oct 2, 2012 at 3:51 PM, Tom Evans wrote:
>>
>> On Tue, Oct 2, 2012 at 3:22 PM, Dirley wrote:
>> > I've recently discovered
Sorry, my previous reply looked like I was disagreeing with the OP, this is
not the case.
I was disagreeing with this comment;
Sessions aren't tied to specific users, and so cannot easily be
invalidated like that. Personally, I wouldn't have the expectation
that changing my password would
On Tue, Oct 2, 2012 at 3:51 PM, Tom Evans wrote:
> On Tue, Oct 2, 2012 at 3:22 PM, Dirley wrote:
> > I've recently discovered this issue with my django based application.
> >
> > When a user changes its password, its active sessions are not
On Tue, Oct 2, 2012 at 3:22 PM, Dirley wrote:
> I've recently discovered this issue with my django based application.
>
> When a user changes its password, its active sessions are not destroyed.
> I mean, if a user is logged in two different places (or in two different
>
I've recently discovered this issue with my django based application.
When a user changes its password, its active sessions are not destroyed.
I mean, if a user is logged in two different places (or in two different
browsers) and changes its password on one place, the other session will still
be