Ticket #6941: 6941_notests.diff
| File 6941_notests.diff, 1.7 kB (added by axiak, 5 months ago) |
|---|
-
django/contrib/auth/__init__.py
old new 43 43 user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) 44 44 return user 45 45 46 def clear_session(request): 47 """ 48 Clear the session out. 49 """ 50 from django.conf import settings 51 from django.contrib.sessions.middleware import SessionMiddleware 52 53 # Uses the cookies to remove memory. 54 request.COOKIES[settings.SESSION_COOKIE_NAME] = None 55 SessionMiddleware().process_request(request) 56 46 57 def login(request, user): 47 58 """ 48 59 Persist a user id and a backend in the request. This way a user doesn't … … 53 64 # TODO: It would be nice to support different login methods, like signed cookies. 54 65 user.last_login = datetime.datetime.now() 55 66 user.save() 67 if request.session.get(SESSION_KEY, user.id) != user.id: 68 # A different user is logged in; we need to destroy the session. 69 clear_session(request) 56 70 request.session[SESSION_KEY] = user.id 57 71 request.session[BACKEND_SESSION_KEY] = user.backend 58 72 if hasattr(request, 'user'): … … 62 76 """ 63 77 Remove the authenticated user's ID from the request. 64 78 """ 65 try: 66 del request.session[SESSION_KEY] 67 except KeyError: 68 pass 69 try: 70 del request.session[BACKEND_SESSION_KEY] 71 except KeyError: 72 pass 79 # Since the user is logging out, just clear their session: 80 clear_session(request) 73 81 if hasattr(request, 'user'): 74 82 from django.contrib.auth.models import AnonymousUser 75 83 request.user = AnonymousUser()
