Code

Ticket #15891: session.patch

File session.patch, 1.3 KB (added by sorl, 3 years ago)
  • django/contrib/auth/__init__.py

    diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
    index f11f830..21470cd 100644
    a b def login(request, user): 
    6161    if user is None: 
    6262        user = request.user 
    6363    # TODO: It would be nice to support different login methods, like signed cookies. 
    64     if SESSION_KEY in request.session: 
    65         if request.session[SESSION_KEY] != user.id: 
    66             # To avoid reusing another user's session, create a new, empty 
    67             # session if the existing session corresponds to a different 
    68             # authenticated user. 
    69             request.session.flush() 
    70     else: 
     64    if request.session.get(SESSION_KEY) != user.id: 
    7165        request.session.cycle_key() 
    7266    request.session[SESSION_KEY] = user.id 
    7367    request.session[BACKEND_SESSION_KEY] = user.backend 
    def logout(request): 
    8781        user = None 
    8882    user_logged_out.send(sender=user.__class__, request=request, user=user) 
    8983 
    90     request.session.flush() 
     84    request.session.pop(SESSION_KEY, None) 
     85    request.session.pop(BACKEND_SESSION_KEY, None) 
    9186    if hasattr(request, 'user'): 
    9287        from django.contrib.auth.models import AnonymousUser 
    9388        request.user = AnonymousUser()