django-allauth 64.1.0 released
Posted by Raymond Penners on 2024-08-15
Note worthy changes
- Headless: When trying to login while a user is already logged in, you now get a 409.
- Limited the maximum allowed time for a login to go through the various login stages. This limits, for example, the time span that the 2FA stage remains available. See settings.ACCOUNT_LOGIN_TIMEOUT.
Security notice
- Headless: When a user was not fully logged in, for example, because (s)he was in the process of completing the 2FA process, calling logout would not wipe the session containing the partially logged in user.
Next: django-allauth 64.2.0 released Previous: django-allauth 64.0.0 released