Ticket #6941: clear_session_on_logout_and_login2.diff

File clear_session_on_logout_and_login2.diff, 1.5 KB (added by mrts, 7 years ago)

Minor improvement to logout().

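--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -53,23 +53,30 @@
     # TODO: It would be nice to support different login methods, like signed cookies.
     user.last_login = datetime.datetime.now()
     user.save()
+    if request.session.get(SESSION_KEY, user.id) != user.id:
+        # a different user was logged in, his data has to be cleared
+        request.session.destroy()
     request.session[SESSION_KEY] = user.id
     request.session[BACKEND_SESSION_KEY] = user.backend
     if hasattr(request, 'user'):
         request.user = user
 
-def logout(request):
+def logout(request, clear_session=True):
     """
-    Remove the authenticated user's ID from the request.
+    Remove the authenticated user's ID from the request and optionally clear
+    the session.
     """
-    try:
-        del request.session[SESSION_KEY]
-    except KeyError:
-        pass
-    try:
-        del request.session[BACKEND_SESSION_KEY]
-    except KeyError:
-        pass
+    if clear_session:
+        request.session.destroy()
+    else:
+        try:
+            del request.session[SESSION_KEY]
+        except KeyError:
+            pass
+        try:
+            del request.session[BACKEND_SESSION_KEY]
+        except KeyError:
+            pass
     if hasattr(request, 'user'):
         from django.contrib.auth.models import AnonymousUser
         request.user = AnonymousUser()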
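Review bot: The new guard in login() resets the session only when a different user's id is already stored. A session that was anonymous before authentication keeps its session key afterwards, so an identifier issued before login stays valid for the authenticated user (session fixation). Rotating the key on every successful login would close that gap; a key-rotation call that keeps the data, such as `request.session.cycle_key()` in later Django releases, would fit in an `else:` branch of the new check, but confirm it is available on this branch. The two `request.session[...] = ...` writes that follow `request.session.destroy()` also assume destroy() leaves a usable session object with a fresh key, which the lines shown here do not establish. login() begins outside the hunk, so any earlier session handling is not visible.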