Merge pull request #3510 from jbradberry/errors-on-change-password

Use Django's own logic to invalidate sessions of users when changing passwords Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2026-05-20 07:17:40 -02:30 · 2019-04-05 14:54:20 +00:00
parent 50c7807483 efb4fb6fd0
commit ef1a5c09b6
5 changed files with 26 additions and 26 deletions
--- a/awx/main/management/commands/expire_sessions.py
+++ b/awx/main/management/commands/expire_sessions.py
@@ -4,8 +4,6 @@ from importlib import import_module
 # Django
 from django.utils import timezone
 from django.conf import settings
-from django.contrib.auth import logout
-from django.http import HttpRequest
 from django.core.management.base import BaseCommand, CommandError
 from django.contrib.auth.models import User
 from django.contrib.sessions.models import Session
@@ -29,9 +27,9 @@ class Command(BaseCommand):
        # with consideration for timezones.
        start = timezone.now()
        sessions = Session.objects.filter(expire_date__gte=start).iterator()
-        request = HttpRequest()
        for session in sessions:
            user_id = session.get_decoded().get('_auth_user_id')
            if (user is None) or (user_id and user.id == int(user_id)):
-                request.session = import_module(settings.SESSION_ENGINE).SessionStore(session.session_key)
-                logout(request)
+                session = import_module(settings.SESSION_ENGINE).SessionStore(session.session_key)
+                # Log out the session, but without the need for a request object.
+                session.flush()