LOGOUT_ON_PASSWORD_CHANGE: Is this session based or token based?
sant527 opened this issue · 0 comments
sant527 commented
I am using django-rest-auth
I am implementing password change.
I found this option at https://django-rest-auth.readthedocs.io/en/latest/api_endpoints.html:
LOGOUT_ON_PASSWORD_CHANGE = False
to keep the user logged in after password change
I wanted to understand the flow.
I sent my password details
old_password
new_password1
new_password2
to the endpoint /rest-auth/password/change/ (POST)
curl --location --request POST "http://127.0.0.1:8000/rest-auth/password/change/" \
--header "Authorization:Token a42fdd3938ad24d8abd064d3fedhsh599115e38b6a" \
--header 'Content-Type: application/json' \
--data-raw '{
"old_password": "oldP",
"new_password1": "newP",
"new_password2": "newP"
}'
Now what happens to my token when LOGOUT_ON_PASSWORD_CHANGE = True?