Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17841 closed Cleanup/optimization (fixed)

Clarify authentication backend documentation

Reported by: auzigog Owned by: lukegb
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: django@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

The current text for the "NOTE" in this section of the documentation reads:

Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for subsequent authentication attempts for that user. This effectively means that authentication sources are cached, so if you change AUTHENTICATION_BACKENDS, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute Session.objects.all().delete().

It is pretty awkwardly worded in my opinion. It should be improved.

Attachments (1)

17841.patch (959 bytes) - added by lukegb 3 years ago.
Patch for the change suggested by auzigog

Download all attachments as: .zip

Change History (8)

comment:1 Changed 3 years ago by auzigog

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

After getting clarification from SmileyChris and reading the core code, I would propose this updated text:

NOTE: Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for the duration of that session whenever access to the currently authenticated user is needed. This effectively means that authentication sources are cached, ((continue with previous text that was there))

Version 2, edited 3 years ago by auzigog (previous) (next) (diff)

comment:2 Changed 3 years ago by auzigog

  • Easy pickings set

Marking as easy pickings

Changed 3 years ago by lukegb

Patch for the change suggested by auzigog

comment:3 Changed 3 years ago by lukegb

  • Has patch set
  • Owner changed from nobody to lukegb

Here's a patch for that. Setting has patch, and assigning to me.

comment:4 Changed 3 years ago by lukegb

  • Cc django@… added

Forgot to add to cc.

comment:5 Changed 3 years ago by julien

  • Component changed from Uncategorized to Documentation
  • Triage Stage changed from Unreviewed to Ready for checkin
  • Type changed from Uncategorized to Cleanup/optimization

comment:6 Changed 3 years ago by claudep

  • Resolution set to fixed
  • Status changed from new to closed

In [17752]:

Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

comment:7 Changed 3 years ago by claudep

In [17753]:

[1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

Backport of r17752 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top