Django密码更改 [英] Django password change
问题描述
为什么输入新的有效密码后,我的用户会注销以下代码?
Why does the following code result in my user being logged out when they enter a new, valid password?
@login_required
def change_password(request):
pass_form = PasswordChangeForm(user=request.user)
if request.method == 'POST':
pass_form = PasswordChangeForm(user=request.user, data=request.POST)
if pass_form.is_valid():
pass_form.save()
return render(request,'coursework/profile.html',
{'pass_form' : pass_form,
'pass_msg' : 'Password Updated'})
return render(request, 'coursework/new_password_form.html',
{'form': pass_form})
推荐答案
这是Django实现的安全措施,在默认配置中 - 一旦用户更改它们密码,所有现有会话都无效。请参阅 https://docs.djangoproject .com / en / 1.9 / topics / auth / default /#session-invalidation-on-password-change
It's a security measure implemented by Django, and it is enabled in the default configuration – as soon as a user changes their password, all existing sessions are invalidated. See https://docs.djangoproject.com/en/1.9/topics/auth/default/#session-invalidation-on-password-change
您需要将以下内容添加到在 pass_form.save()
之后查看,以保持当前会话有效:
You need to add the following to your view after pass_form.save()
in order to keep the current session valid:
update_session_auth_hash(request, pass_form.user)
这篇关于Django密码更改的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!