mirror of https://github.com/django/django.git
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
This commit is contained in:
parent
d334f46b7a
commit
401c5b2e42
|
@ -24,19 +24,6 @@ class AuthenticationMiddleware(MiddlewareMixin):
|
|||
request.user = SimpleLazyObject(lambda: get_user(request))
|
||||
|
||||
|
||||
class SessionAuthenticationMiddleware(MiddlewareMixin):
|
||||
"""
|
||||
Formerly, a middleware for invalidating a user's sessions that don't
|
||||
correspond to the user's current session authentication hash. However, it
|
||||
caused the "Vary: Cookie" header on all responses.
|
||||
|
||||
It's now a shim to allow a single settings file to more easily support
|
||||
multiple versions of Django. Will be RemovedInDjango20Warning.
|
||||
"""
|
||||
def process_request(self, request):
|
||||
pass
|
||||
|
||||
|
||||
class RemoteUserMiddleware(MiddlewareMixin):
|
||||
"""
|
||||
Middleware for utilizing Web-server-provided authentication.
|
||||
|
|
|
@ -212,7 +212,9 @@ Database backend API
|
|||
Miscellaneous
|
||||
-------------
|
||||
|
||||
* ...
|
||||
* The ``SessionAuthenticationMiddleware`` class is removed. It provided no
|
||||
functionality since session authentication is unconditionally enabled in
|
||||
Django 1.10.
|
||||
|
||||
.. _deprecated-features-2.0:
|
||||
|
||||
|
|
|
@ -824,15 +824,6 @@ user to the login page or issue an HTTP 403 Forbidden response.
|
|||
Session invalidation on password change
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionchanged:: 1.10
|
||||
|
||||
Session verification is enabled and mandatory in Django 1.10 (there's no
|
||||
way to disable it) regardless of whether or not
|
||||
``SessionAuthenticationMiddleware`` is enabled. In older
|
||||
versions, this protection only applies if
|
||||
``django.contrib.auth.middleware.SessionAuthenticationMiddleware``
|
||||
is enabled in :setting:`MIDDLEWARE`.
|
||||
|
||||
If your :setting:`AUTH_USER_MODEL` inherits from
|
||||
:class:`~django.contrib.auth.models.AbstractBaseUser` or implements its own
|
||||
:meth:`~django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash()`
|
||||
|
|
Loading…
Reference in New Issue