Two ways to put a user in the second parameter of update_session_auth_hash()

harryjjun · December 22, 2021, 7:06am

I have a question while using PassworkChangeForm() and update_session_auth_hash().

First, here are two examples.

from django.contrib.auth import update_session_auth_hash


@login_required
@require_http_methods(['GET', 'POST'])
def change_password(request):
    if request.method == 'POST':
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            # case 1
            form.save()
            update_session_auth_hash(request, form.user)
            return redirect('articles:index')
    else:
        ...

from django.contrib.auth import update_session_auth_hash


@login_required
@require_http_methods(['GET', 'POST'])
def change_password(request):
    if request.method == 'POST':
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            # case 2
            user = form.save()
            update_session_auth_hash(request, user)
            return redirect('articles:index')
    else:
        ...

There are two ways to put a user in the second parameter of update_session_auth_hash().

I know that both user object are the same object.

"Why are django official documents guiding us in the case 1?"
I would like to hear various opinions simply for a more intuitive expression or for other reasons.

Thank you.

KenWhitesell · December 22, 2021, 1:08pm

I’m not quite sure I understand what you’re really trying to ask here.

The only reference to a use of PasswordChangeForm that I can find in the docs is in an example at Using the Django authentication system | Django documentation | Django, which is discussing a different topic.
So my opinion would be that it’s just an example used to set up the real topic being discussed - an arbitrary decision. (Rarely is there only one way to do something - you’ll end up making many relatively-arbitrary decisions along the way.)