Security: How to destroy sessions for a user
48 views
Skip to first unread message
Santiago Basulto
Mar 3, 2012, 4:05:39 PM3/3/12
to Django users
Hello people,
trying to implement a simple "change password" view this came out.
What's the best way to destroy session information for a user?
For example consider when the user changes its password. All session
data should be destroyed.
Thanks!
trying to implement a simple "change password" view this came out.
What's the best way to destroy session information for a user?
For example consider when the user changes its password. All session
data should be destroyed.
Thanks!
Mr. Gerardo Gonzalez Cruz
Mar 4, 2012, 3:03:04 PM3/4/12
to django...@googlegroups.com
You need check session always into your database to manage user sessions. When change a password you need a simple update over session table, then over every request in your site you need check if you password had a change, if yes the user session set a null. Basically you need polling to database on every request.
Reply all
Reply to author
Forward
0 new messages