Ticket #6941: clear_session_on_logout_and_login.2.diff

File clear_session_on_logout_and_login.2.diff, 1.3 KB (added by mrts, 7 years ago)

Patch updated to follow the changes to #7515.

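--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -53,14 +53,18 @@
     # TODO: It would be nice to support different login methods, like signed cookies.
     user.last_login = datetime.datetime.now()
     user.save()
+    if request.session.get(SESSION_KEY, user.id) != user.id:
+        # a different user was logged in, his data has to be cleared
+        request.session.destroy()
     request.session[SESSION_KEY] = user.id
     request.session[BACKEND_SESSION_KEY] = user.backend
     if hasattr(request, 'user'):
         request.user = user
 
-def logout(request):
+def logout(request, clear_session=True):
     """
-    Remove the authenticated user's ID from the request.
+    Remove the authenticated user's ID from the request and optionally clear
+    the session.
     """
     try:
         del request.session[SESSION_KEY]
@@ -70,6 +74,8 @@
         del request.session[BACKEND_SESSION_KEY]
     except KeyError:
         pass
+    if clear_session:
+        request.session.destroy()
     if hasattr(request, 'user'):
         from django.contrib.auth.models import AnonymousUser
         request.user = AnonymousUser()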
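Review bot: In login(), the new check destroys the session only when a different user's id is already stored, so a login that starts from an anonymous session keeps its pre-login session key and carries it into the authenticated session, which is the session-fixation condition. Renewing the identifier on every successful login would close that gap, for example an `else:` branch calling `request.session.cycle_key()` where the session backend provides it, so the data is kept but the key changes. These lines also do not show whether `destroy()` leaves `request.session` with a fresh key before the following `request.session[SESSION_KEY] = user.id` write; a one-line comment stating that would help the next reader. login() begins above the first hunk and the lines of logout() between the two hunks are not shown.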