Updating a user's password logs out all sessions for the user. Take the current request and the updated user object from which the new session hash will be derived and update the session hash appropriately to prevent a password change from logging out the session from which the
(request, user)
| 375 | |
| 376 | |
| 377 | def update_session_auth_hash(request, user): |
| 378 | """ |
| 379 | Updating a user's password logs out all sessions for the user. |
| 380 | |
| 381 | Take the current request and the updated user object from which the new |
| 382 | session hash will be derived and update the session hash appropriately to |
| 383 | prevent a password change from logging out the session from which the |
| 384 | password was changed. |
| 385 | """ |
| 386 | request.session.cycle_key() |
| 387 | if hasattr(user, "get_session_auth_hash") and request.user == user: |
| 388 | request.session[HASH_SESSION_KEY] = user.get_session_auth_hash() |
| 389 | |
| 390 | |
| 391 | async def aupdate_session_auth_hash(request, user): |
no test coverage detected