def save(self, request, delete_session=False): AuditLog.objects.create( self.user, request, "password", password=self.user.password ) # Change the password password = self.cleaned_data["new_password1"] self.user.set_password(password) self.user.save(update_fields=["password"]) # Updating the password logs out all other sessions for the user # except the current one and change key for current session cycle_session_keys(request, self.user) # Invalidate password reset codes invalidate_reset_codes(self.user) if delete_session: request.session.flush() messages.success(request, _("Your password has been changed."))
def cycle_session(strategy, user, *args, **kwargs): # Change key for current session and invalidate others cycle_session_keys(strategy.request, user)