django.contrib.auth.update_session_auth_hash not working after change password


cseb...@gmail.com

Nov 5, 2024, 4:29:47 PM
to Django users
When I change a password, users are logged out.
Django recommends keeping users logged in
by calling django.contrib.auth.update_session_auth_hash(request, user).

This is not working in a Django website of mine.
They must log in again!?

There are no error messages.  Is there any way I can provide
more details?

Chris

Ruby

Nov 5, 2024, 6:41:09 PM
to django...@googlegroups.com
How was it implemented?
Show a snippet from your code.
See how it was used in my code:

form = ChangePasswordForm(request, request.POST)
if form.is_valid():
    user = form.save()
    update_session_auth_hash(request, user)
    messages.success(
        request, "Your password has been successfully updated")
    return redirect(request.META.get('HTTP_REFERER'))


cseb...@gmail.com

Nov 6, 2024, 2:19:06 PM
to Django users
Ruby

Thank you very much.  Here is my code...


INV        = grandmas4hire.models.Invitation  

...

def add_url_param(url, param, arg):                                             
        prefix = "&" if "?" in url else "/?"                                    
                                                                                
        return url + prefix + f'{param}={str(arg).replace(" ", "+")}'           
 
---

@django.contrib.auth.decorators.login_required                                  
def change_password(request):                                                  
        user = request.user                                                    
        msg  = request.GET.get("msg")                                          
        if request.method == "POST":                                            
                form = grandmas4hire.forms.ChangePasswordForm(request.POST)    
                if form.is_valid():                                            
                        new_password = form.cleaned_data["new_password"]        
                        inv          = INV.objects.get(user = user)            
                        inv.user.set_password(new_password)                    
                        inv.user.save()                                        
                        django.contrib.auth.update_session_auth_hash(request,  
                                                                     user)      
                        url          = add_url_param("/change_password",        
                                                     "msg",                    
                                                     "Password+changed.")      
                        reply        = django.shortcuts.redirect(url)          
                else:                                                          
                        reply = django.shortcuts.render(request,                
                                                        "change_password.html",
                                                        {"form" : form})        
        else:                                                                  
                form  = grandmas4hire.forms.ChangePasswordForm()                
                reply = django.shortcuts.render(request,                        
                                                "change_password.html",        
                                                {"form" : form,                
                                                 "msg"  : msg})                
                                                                               
        return reply                          

Ruby

Nov 6, 2024, 3:07:57 PM
to django...@googlegroups.com
Your code needs to be refactored. Here is the real deal: your ChangePasswordForm is missing `request`; it should be as it is below:
form = grandmas4hire.forms.ChangePasswordForm(request, request.POST)


Ken BHHO

Nov 6, 2024, 3:34:02 PM
to django...@googlegroups.com
@cseb Where did you get that Django Code?

cseb...@gmail.com

Nov 7, 2024, 5:34:42 PM
to Django users
I wrote it myself.  Why?

cs

cseb...@gmail.com

Nov 7, 2024, 5:43:23 PM
to Django users
Ruby

Thank you very much.  I tried adding the request argument to my form subclass 
and got this...

AttributeError: 'WSGIRequest' object has no attribute 'get'

I don't understand how/why tweaking my form this way will solve the session issue.
My form only gets the new password from the user.  The user password
is updated outside of the form in the code I recently sent.  

Are you suggesting I should change the password in the form somehow such
as in the clean method?

Chris

Ruby

Nov 7, 2024, 7:54:31 PM
to django...@googlegroups.com
Hi Chris,
The quality of your code is very poor and needs to be generally improved. In the meantime, Django already has a built-in "Change Password Form" that you can use: `django.contrib.auth.forms.PasswordChangeForm` (https://github.com/django/django/blob/042b381e2e37c0c37b8a8f6cc9947f1a2ebfa0dd/django/contrib/auth/forms.py#L520).
You may consider consulting the official Django documentation to understand the usage better (https://docs.djangoproject.com/en/stable/topics/auth/default/).

cseb...@gmail.com

Nov 8, 2024, 10:54:32 AM
to Django users
Ruby

Thank you very much.  Can you tell me what I can do to improve my Django code?  I would really
appreciate it, as I'm always open to constructive feedback.

I'm still curious why my code successfully changes the password but cannot retain
the session afterwards.  

Thanks for all your help.

Chris
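
A simplified, standard-library model of the session-hash check behind this thread, added here as an example and not code from any poster or from Django. The view sets the new password on `inv.user` but passes `request.user` to `update_session_auth_hash`; the model assumes those are two separate Python objects for the same row, and the `User` class, `DB` dict, `change_password` flag and `demo` helper are hypothetical.

```python
import hashlib
import hmac

SECRET_KEY = "constructed-example-key"  # constructed value for this example
HASH_SESSION_KEY = "_auth_user_hash"    # session key Django stores the hash under
DB = {}                                 # pk -> stored password hash (stand-in for the user table)

class User:
    """Minimal stand-in for a user model instance; hypothetical, not Django's class."""
    def __init__(self, pk, password=""):
        self.pk, self.password = pk, password

    @classmethod
    def load(cls, pk):
        return cls(pk, DB[pk])  # every load is a new object with its own copy of the row

    def set_password(self, raw):
        self.password = hashlib.sha256(raw.encode()).hexdigest()  # toy hasher for this model

    def save(self):
        DB[self.pk] = self.password

    def get_session_auth_hash(self):
        # The session hash is an HMAC keyed by the secret over the stored password hash.
        return hmac.new(SECRET_KEY.encode(), self.password.encode(), hashlib.sha256).hexdigest()

def update_session_auth_hash(session, user):
    # Simplified: record the hash of whichever instance was passed in.
    session[HASH_SESSION_KEY] = user.get_session_auth_hash()

def change_password(session, request_user, new_password, same_instance):
    # same_instance=False mirrors the view: a second object for the row gets the new password.
    target = request_user if same_instance else User.load(request_user.pk)
    target.set_password(new_password)
    target.save()
    update_session_auth_hash(session, request_user)
    # Next request: the user is reloaded and its hash is compared with the session's.
    fresh = User.load(request_user.pk)
    return hmac.compare_digest(session[HASH_SESSION_KEY], fresh.get_session_auth_hash())

def demo():
    results = {}
    for same_instance in (False, True):
        request_user, session = User(1), {}
        request_user.set_password("old-password")
        request_user.save()
        update_session_auth_hash(session, request_user)  # state right after login
        results[same_instance] = change_password(session, request_user, "new-password", same_instance)
    return results
```

With two instances, the session keeps the hash of the old password and the next request fails the comparison, which is the logout reported in the thread. With one instance, the stored hash matches the new password and the session survives.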