django user logged out after password change

Question

I am having an issue with Django users changing passwords - I have built a few production sites in Django, just none in about a year (or in 1.8), but I don\'t recall having this

Answer 1

My understanding is being logged out after password change is new in Django 1.7. So you will need to re-auth user in your code as you said.

See Release Notes: https://docs.djangoproject.com/en/1.8/releases/1.7/#django-contrib-auth

Here is the specific note: "The AbstractBaseUser.get_session_auth_hash() method was added and if your AUTH_USER_MODEL inherits from AbstractBaseUser, changing a user’s password now invalidates old sessions if the SessionAuthenticationMiddleware is enabled. See Session invalidation on password change for more details including upgrade considerations when enabling this new middleware."

See Documentation: https://docs.djangoproject.com/en/1.7/topics/auth/default/#session-invalidation-on-password-change