Clarify authentication backend documentation
|Reported by:||Jeremy Blanchard||Owned by:||Luke Granger-Brown|
|Cc:||django@…||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The current text for the "NOTE" in this section of the documentation reads:
Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for subsequent authentication attempts for that user. This effectively means that authentication sources are cached, so if you change AUTHENTICATION_BACKENDS, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute Session.objects.all().delete().
It is pretty awkwardly worded in my opinion. It should be improved.
Change History (8)
comment:5 Changed 5 years ago by
|Component:||Uncategorized → Documentation|
|Triage Stage:||Unreviewed → Ready for checkin|
|Type:||Uncategorized → Cleanup/optimization|