Ticket #15891: session.patch

File session.patch, 1.3 KB (added by sorl, 4 years ago)
  • django/contrib/auth/__init__.py

    diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
    index f11f830..21470cd 100644
    a b def login(request, user): 
    6161    if user is None:
    6262        user = request.user
    6363    # TODO: It would be nice to support different login methods, like signed cookies.
    64     if SESSION_KEY in request.session:
    65         if request.session[SESSION_KEY] != user.id:
    66             # To avoid reusing another user's session, create a new, empty
    67             # session if the existing session corresponds to a different
    68             # authenticated user.
    69             request.session.flush()
    70     else:
     64    if request.session.get(SESSION_KEY) != user.id:
    7165        request.session.cycle_key()
    7266    request.session[SESSION_KEY] = user.id
    7367    request.session[BACKEND_SESSION_KEY] = user.backend
    def logout(request): 
    8781        user = None
    8882    user_logged_out.send(sender=user.__class__, request=request, user=user)
    8983
    90     request.session.flush()
     84    request.session.pop(SESSION_KEY, None)
     85    request.session.pop(BACKEND_SESSION_KEY, None)
    9186    if hasattr(request, 'user'):
    9287        from django.contrib.auth.models import AnonymousUser
    9388        request.user = AnonymousUser()
Back to Top