[PYTHON] If you change your password in Django, you'll be logged out without permission

This is the story of Django == 2.2.12. After changing the user password from the self-made screen while logged in

・ When I try to move to another page, I first jump to the login screen. -A request to a server that is normally fine returns an error

You wondered about the situation!

Actually, if you are using a custom password change screen, you will be forced to log out after changing the password. The cause is that the session you were using is no longer used.

If you're using something like PasswordChangeView from Django, it will automatically create a new session after you change your password, so you'll stay logged in.

I want to do that on the custom screen! In that case, use the ʻupdate_session_auth_hash ()` function.

Such as the document https://docs.djangoproject.com/en/3.0/topics/auth/default/#session-invalidation-on-password-change Was written in ...

By the way, I will also post the usage example described in this document.

from django.contrib.auth import update_session_auth_hash

def password_change(request):
    if request.method == 'POST':
        form = PasswordChangeForm(user=request.user, data=request.POST)
        if form.is_valid():
            form.save()
            update_session_auth_hash(request, form.user)
    else:
        ...

Recommended Posts

If you change your password in Django, you'll be logged out without permission
When you forget your admin screen username / password in Django
If you write the View decorator in urls.py in Django, the list will be higher.