Refs #23957 -- Required session verification per deprecation timeline.

docs/releases/1.10.txt

@@ -349,7 +349,9 @@ removed in Django 1.10 (please see the :ref:`deprecation timeline
 
 * Session verification is enabled regardless of whether or not
   ``'django.contrib.auth.middleware.SessionAuthenticationMiddleware'`` is in
-  ``MIDDLEWARE_CLASSES``.
+  ``MIDDLEWARE_CLASSES``. ``SessionAuthenticationMiddleware`` no longer has
+  any purpose and can be removed from ``MIDDLEWARE_CLASSES``. It's kept as
+  a stub until Django 2.0 as a courtesy for users who don't read this note.
 
 * Private attribute ``django.db.models.Field.related`` is removed.
 

docs/releases/1.7.2.txt

@@ -106,7 +106,7 @@ Bugfixes
   (:ticket:`23950`).
 
 * Prevented the
-  :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` from
+  ``django.contrib.auth.middleware.SessionAuthenticationMiddleware`` from
   setting a ``"Vary: Cookie"`` header on all responses (:ticket:`23939`).
 
 * Fixed a crash when adding ``blank=True`` to ``TextField()`` on MySQL

docs/releases/1.7.txt

@@ -435,9 +435,8 @@ Minor features
   method was added and if your :setting:`AUTH_USER_MODEL` inherits from
   :class:`~django.contrib.auth.models.AbstractBaseUser`, changing a user's
   password now invalidates old sessions if the
-  :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` is
-  enabled. See :ref:`session-invalidation-on-password-change` for more details
-  including upgrade considerations when enabling this new middleware.
+  ``django.contrib.auth.middleware.SessionAuthenticationMiddleware`` is
+  enabled. See :ref:`session-invalidation-on-password-change` for more details.
 
 ``django.contrib.formtools``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -1455,7 +1454,7 @@ Miscellaneous
   when the input is not valid UTF-8.
 
 * With the addition of the
-  :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` to
+  ``django.contrib.auth.middleware.SessionAuthenticationMiddleware`` to
   the default project template (pre-1.7.2 only), a database must be created
   before accessing a page using :djadmin:`runserver`.
 

docs/releases/1.8.txt

@@ -1621,7 +1621,7 @@ attribute will change from ``True`` to ``False`` in Django 1.9.
 Using ``AuthenticationMiddleware`` without ``SessionAuthenticationMiddleware``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-:class:`django.contrib.auth.middleware.SessionAuthenticationMiddleware` was
+``django.contrib.auth.middleware.SessionAuthenticationMiddleware`` was
 added in Django 1.7. In Django 1.7.2, its functionality was moved to
 ``auth.get_user()`` and, for backwards compatibility, enabled only if
 ``'django.contrib.auth.middleware.SessionAuthenticationMiddleware'`` appears in