Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#17841 closed Cleanup/optimization (fixed)

Clarify authentication backend documentation

Reported by: Jeremy Blanchard Owned by: Luke Granger-Brown
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: django@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

The current text for the "NOTE" in this section of the documentation reads:

Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for subsequent authentication attempts for that user. This effectively means that authentication sources are cached, so if you change AUTHENTICATION_BACKENDS, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute Session.objects.all().delete().

It is pretty awkwardly worded in my opinion. It should be improved.

Attachments (1)

17841.patch (959 bytes) - added by Luke Granger-Brown 5 years ago.
Patch for the change suggested by auzigog

Download all attachments as: .zip

Change History (8)

comment:1 Changed 5 years ago by Jeremy Blanchard

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

After getting clarification from SmileyChris and reading the core code, I would propose this updated text:

NOTE: Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for the duration of that session whenever access to the currently authenticated user is needed. This effectively means that authentication sources are cached on a per-session basis, so if you change ((continue with previous text that was there))

Last edited 5 years ago by Jeremy Blanchard (previous) (diff)

comment:2 Changed 5 years ago by Jeremy Blanchard

Easy pickings: set

Marking as easy pickings

Changed 5 years ago by Luke Granger-Brown

Attachment: 17841.patch added

Patch for the change suggested by auzigog

comment:3 Changed 5 years ago by Luke Granger-Brown

Has patch: set
Owner: changed from nobody to Luke Granger-Brown

Here's a patch for that. Setting has patch, and assigning to me.

comment:4 Changed 5 years ago by Luke Granger-Brown

Cc: django@… added

Forgot to add to cc.

comment:5 Changed 5 years ago by Julien Phalip

Component: UncategorizedDocumentation
Triage Stage: UnreviewedReady for checkin
Type: UncategorizedCleanup/optimization

comment:6 Changed 5 years ago by Claude Paroz

Resolution: fixed
Status: newclosed

In [17752]:

Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

comment:7 Changed 5 years ago by Claude Paroz

In [17753]:

[1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

Backport of r17752 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top