id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36200	Mention that RemoteUserMiddleware should be replaced when using custom header middleware with RemoteUserBackend	Joonas Häkkinen	Joonas Häkkinen	"REMOTE_USER authentication docs at [https://docs.djangoproject.com/en/5.1/howto//auth-remote-user/] cover using a custom middleware to read the username from HTTP headers. However, it does not specify that the custom middleware should replace `RemoteUserMiddleware` rather than be appended to `MIDDLEWARE`.

This is essentially a small omission and might be clear to experienced Django users. However, at least for me, an experienced web developer but totally new to Django, this was surprising and the resulting CSRF validation failure made me suspect something completely different for two full days. Thus I though that a small mention about ''replacing'' instead of appending `RemoteUserMiddleware` with the custom one would be a reasonable addition to the docs.

I will be opening a PR for this shortly unless you think this is not worth including in the docs."	Cleanup/optimization	closed	Documentation	5.1	Normal	fixed	REMOTE_USER, authentication, middleware		Ready for checkin	1	0	0	0	0	0