Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17841 closed Cleanup/optimization (fixed)

Clarify authentication backend documentation

Reported by: auzigog Owned by: lukegb
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: django@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

The current text for the "NOTE" in this section of the documentation reads:

Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for subsequent authentication attempts for that user. This effectively means that authentication sources are cached, so if you change AUTHENTICATION_BACKENDS, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute Session.objects.all().delete().

It is pretty awkwardly worded in my opinion. It should be improved.

Attachments (1)

17841.patch (959 bytes) - added by lukegb 3 years ago.
Patch for the change suggested by auzigog

Download all attachments as: .zip

Change History (8)

comment:1 Changed 3 years ago by auzigog

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

After getting clarification from SmileyChris and reading the core code, I would propose this updated text:

NOTE: Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for the duration of that session whenever access to the currently authenticated user is needed. This effectively means that authentication sources are cached on a per-session basis, so if you change ((continue with previous text that was there))

Last edited 3 years ago by auzigog (previous) (diff)

comment:2 Changed 3 years ago by auzigog

  • Easy pickings set

Marking as easy pickings

Changed 3 years ago by lukegb

Patch for the change suggested by auzigog

comment:3 Changed 3 years ago by lukegb

  • Has patch set
  • Owner changed from nobody to lukegb

Here's a patch for that. Setting has patch, and assigning to me.

comment:4 Changed 3 years ago by lukegb

  • Cc django@… added

Forgot to add to cc.

comment:5 Changed 3 years ago by julien

  • Component changed from Uncategorized to Documentation
  • Triage Stage changed from Unreviewed to Ready for checkin
  • Type changed from Uncategorized to Cleanup/optimization

comment:6 Changed 3 years ago by claudep

  • Resolution set to fixed
  • Status changed from new to closed

In [17752]:

Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

comment:7 Changed 3 years ago by claudep

In [17753]:

[1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

Backport of r17752 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top