Hi Horacio, Thanks for the report. Unfortunately, I can't reproduce this issue.
My steps to reproduce using the project from the tutorial: Bump PBKDF2PasswordHasher.iterations to a higher value Login at /admin/ Confirm at /admin/auth/user/#/ that the password of the user I logged in as reflects the new iteration count. Maybe there is something different in your setup? On Wednesday, January 14, 2015 at 4:57:13 PM UTC-5, Horacio G. de Oro wrote: > > The problem is because the iterations in PBKDF2PasswordHasher where > updated to 15000, so it updates the password, but later, > SessionAuthenticationMiddleware detects a password change and PUF! the > login doesn't work. > > Right new I've created a PBKDF2PasswordHasher implementation with > iteartions = 12000 (the old value), but I want to report the issue (I don't > know if this is a bug) in case it happens to anyone else. > > Saving the user returned by authenticate() before calling login() solved > the issue too, but I dont' want to save the user just in case the password > changed. > > Regards! > Horacio > > > -- > Horacio G. de Oro > Email: [email protected] <javascript:> > Web: http://www.data-tsunami.com > LinkedIn: https://www.linkedin.com/in/hgdeoro > > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1a165ceb-d97a-4451-b110-52a67e559542%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
