diff --git a/backend/Pipfile b/backend/Pipfile
index 69bdcab2..261640be 100644
--- a/backend/Pipfile
+++ b/backend/Pipfile
@@ -7,7 +7,7 @@ name = "pypi"
 # Before adding a new package, check it's not listed under [packages] at
 #   https://github.com/ocadotechnology/codeforlife-package-python/blob/{ref}/Pipfile
 # Replace "{ref}" in the above URL with the ref set below.
-codeforlife = {ref = "v0.13.8", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
+codeforlife = {ref = "v0.13.9", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
 # TODO: check if we need the below packages
 whitenoise = "==6.5.0"
 django-pipeline = "==2.0.8"
@@ -34,7 +34,7 @@ google-cloud-container = "==2.3.0"
 # Before adding a new package, check it's not listed under [dev-packages] at
 #   https://github.com/ocadotechnology/codeforlife-package-python/blob/{ref}/Pipfile
 # Replace "{ref}" in the above URL with the ref set below.
-codeforlife = {ref = "v0.13.8", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
+codeforlife = {ref = "v0.13.9", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
 # TODO: check if we need the below packages
 django-selenium-clean = "==0.3.3"
 django-test-migrations = "==1.2.0"
diff --git a/backend/Pipfile.lock b/backend/Pipfile.lock
index 57cbbaca..fbdefb16 100644
--- a/backend/Pipfile.lock
+++ b/backend/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "8fa0272b15e11ed5fcb092921c2977dba1e7b4d79df68811bc71540b430033e9"
+            "sha256": "133387961394ddba0202782e2bb4265b005cd74c06be1456cf8cae8c3df2a832"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -168,7 +168,7 @@
         },
         "codeforlife": {
             "git": "https://github.com/ocadotechnology/codeforlife-package-python.git",
-            "ref": "4b2797f9b8ac681df7ae3e9406f255123cf55412"
+            "ref": "cd70f4fc980eee04a029402029a1dfb52a0f1e3e"
         },
         "codeforlife-portal": {
             "hashes": [
@@ -806,6 +806,7 @@
                 "sha256:a6f5977418eff3b2d5500d54d9db50c8277a368436f4e4f8ddb1be3422870184",
                 "sha256:f91456ead12ab3c6c2e9491cf33ba6d08357d802192379bb482f1033ade496f5"
             ],
+            "markers": "python_version >= '3.6'",
             "version": "==3.1.2"
         },
         "pandas": {
@@ -1304,6 +1305,7 @@
                 "sha256:6a33ee89877bd9abc1158129f6e94be74e2679636b8a205b43b85206c3f0bbdd",
                 "sha256:f72f148f54442c6b056bf931dbc34f986fd0c3b0b6b5a58d013c9aef274d0c88"
             ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
             "version": "==2.0.1"
         },
         "xlwt": {
@@ -1512,7 +1514,7 @@
         },
         "codeforlife": {
             "git": "https://github.com/ocadotechnology/codeforlife-package-python.git",
-            "ref": "4b2797f9b8ac681df7ae3e9406f255123cf55412"
+            "ref": "cd70f4fc980eee04a029402029a1dfb52a0f1e3e"
         },
         "codeforlife-portal": {
             "hashes": [
@@ -2184,6 +2186,7 @@
                 "sha256:a6f5977418eff3b2d5500d54d9db50c8277a368436f4e4f8ddb1be3422870184",
                 "sha256:f91456ead12ab3c6c2e9491cf33ba6d08357d802192379bb482f1033ade496f5"
             ],
+            "markers": "python_version >= '3.6'",
             "version": "==3.1.2"
         },
         "packaging": {
@@ -2895,6 +2898,7 @@
                 "sha256:6a33ee89877bd9abc1158129f6e94be74e2679636b8a205b43b85206c3f0bbdd",
                 "sha256:f72f148f54442c6b056bf931dbc34f986fd0c3b0b6b5a58d013c9aef274d0c88"
             ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
             "version": "==2.0.1"
         },
         "xlwt": {
diff --git a/backend/api/views/user.py b/backend/api/views/user.py
index 907c6212..ba514898 100644
--- a/backend/api/views/user.py
+++ b/backend/api/views/user.py
@@ -56,6 +56,9 @@ def get_queryset(self):
     def perform_bulk_destroy(self, queryset):
         queryset.update(first_name="", is_active=False)
 
+    # def destroy(self, request: Request):
+    #     return super().des
+
     @action(
         detail=True,
         methods=["get", "patch"],
diff --git a/backend/sso/permissions.py b/backend/sso/permissions.py
index b273b355..2491da88 100644
--- a/backend/sso/permissions.py
+++ b/backend/sso/permissions.py
@@ -13,5 +13,5 @@ class UserHasSessionAuthFactors(BasePermission):
     def has_permission(self, request: Request, view: View):
         return (
             isinstance(request.user, User)
-            and request.user.session.session_auth_factors.exists()
+            and request.user.session.auth_factors.exists()
         )
diff --git a/backend/sso/views.py b/backend/sso/views.py
index dec499e3..cb10e5d1 100644
--- a/backend/sso/views.py
+++ b/backend/sso/views.py
@@ -94,7 +94,7 @@ def form_valid(self, form: BaseAuthForm):  # type: ignore
                 {
                     "user_id": user.id,
                     "auth_factors": list(
-                        user.session.session_auth_factors.values_list(
+                        user.session.auth_factors.values_list(
                             "auth_factor__type", flat=True
                         )
                     ),
@@ -125,10 +125,9 @@ class LoginOptionsView(APIView):
 
     def get(self, request: Request):
         user = t.cast(User, request.user)
-        session_auth_factors = user.session.session_auth_factors
 
         response_data = {"id": user.id}
-        if session_auth_factors.filter(
+        if user.session.auth_factors.filter(
             auth_factor__type=AuthFactor.Type.OTP
         ).exists():
             response_data[