Ticket #6941: clear_session_on_logout_and_login.diff
| File clear_session_on_logout_and_login.diff, 1.3 kB (added by mrts, 2 months ago) |
|---|
-
django/contrib/auth/__init__.py
old new 53 53 # TODO: It would be nice to support different login methods, like signed cookies. 54 54 user.last_login = datetime.datetime.now() 55 55 user.save() 56 if request.session.get(SESSION_KEY, user.id) != user.id: 57 # a different user was logged in, his data has to be cleared 58 request.session.clear() 56 59 request.session[SESSION_KEY] = user.id 57 60 request.session[BACKEND_SESSION_KEY] = user.backend 58 61 if hasattr(request, 'user'): 59 62 request.user = user 60 63 61 def logout(request ):64 def logout(request, clear_session=True): 62 65 """ 63 Remove the authenticated user's ID from the request. 66 Remove the authenticated user's ID from the request and optionally clear 67 the session. 64 68 """ 65 69 try: 66 70 del request.session[SESSION_KEY] … … 70 74 del request.session[BACKEND_SESSION_KEY] 71 75 except KeyError: 72 76 pass 77 if clear_session: 78 request.session.clear() 73 79 if hasattr(request, 'user'): 74 80 from django.contrib.auth.models import AnonymousUser 75 81 request.user = AnonymousUser()
