#17841 closed Cleanup/optimization (fixed)
Clarify authentication backend documentation
| Reported by: | Jeremy Blanchard | Owned by: | Luke Granger-Brown |
|---|---|---|---|
| Component: | Documentation | Version: | 1.3 |
| Severity: | Normal | Keywords: | |
| Cc: | django@… | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The current text for the "NOTE" in this section of the documentation reads:
Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for subsequent authentication attempts for that user. This effectively means that authentication sources are cached, so if you change AUTHENTICATION_BACKENDS, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute Session.objects.all().delete().
It is pretty awkwardly worded in my opinion. It should be improved.
Attachments (1)
Change History (8)
comment:3 by , 13 years ago
| Has patch: | set |
|---|---|
| Owner: | changed from to |
Here's a patch for that. Setting has patch, and assigning to me.
comment:5 by , 13 years ago
| Component: | Uncategorized → Documentation |
|---|---|
| Triage Stage: | Unreviewed → Ready for checkin |
| Type: | Uncategorized → Cleanup/optimization |
comment:6 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
In [17752]:
(The changeset message doesn't reference this ticket)
After getting clarification from SmileyChris and reading the core code, I would propose this updated text:
NOTE: Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for the duration of that session whenever access to the currently authenticated user is needed. This effectively means that authentication sources are cached on a per-session basis, so if you change ((continue with previous text that was there))