id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
12148	Don't use invalid backend from the Session to load the user in contrib.auth.get_user	Tamas Szabo	nobody	"django.contrib.auth saves the backend_path used to authenticate the user in the session.
This works great but when you remove the authorization backend you get an ImproperlyConfigured error.
The error references the old authorization backend so your first instinct is that the problem must be in your settings file.

I've been bitten by this a few times now, sometimes I remember to delete the Sessions manually, other times (like today) I think that my old settings.py must be executed and I go through the pain of deleting directories, redeploying and restarting servers.

I would like to suggest adding a check to the get_user call, that checks if the backend_path saved in the session is still in settings.AUTHORIZATION_BACKENDS. 
If it isn't don't try to load it.

Patch for django.contrib.auth.__init__.py and tests included.

Thanks."	New feature	closed	contrib.auth	dev	Normal	fixed		vlastimil.zima@…	Accepted	1	0	0	1	0	0