Django密码更改 [英] Django password change

问题描述

为什么输入新的有效密码后，我的用户会注销以下代码？

Why does the following code result in my user being logged out when they enter a new, valid password?

@login_required
def change_password(request):
    pass_form = PasswordChangeForm(user=request.user)
    if request.method == 'POST':
        pass_form = PasswordChangeForm(user=request.user, data=request.POST)
        if pass_form.is_valid():
            pass_form.save()
            return render(request,'coursework/profile.html',
                                      {'pass_form' : pass_form,
                                       'pass_msg' : 'Password Updated'})
    return render(request, 'coursework/new_password_form.html',
                              {'form': pass_form})

推荐答案

这是Django实现的安全措施，在默认配置中 - 一旦用户更改它们密码，所有现有会话都无效。请参阅 https：//docs.djangoproject .com / en / 1.9 / topics / auth / default /＃session-invalidation-on-password-change

It's a security measure implemented by Django, and it is enabled in the default configuration – as soon as a user changes their password, all existing sessions are invalidated. See https://docs.djangoproject.com/en/1.9/topics/auth/default/#session-invalidation-on-password-change

您需要将以下内容添加到在 pass_form.save（）之后查看，以保持当前会话有效：

You need to add the following to your view after pass_form.save() in order to keep the current session valid:

update_session_auth_hash(request, pass_form.user)

这篇关于Django密码更改的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！