Opened 2 years ago

Closed 2 years ago

#20438 closed Bug (duplicate)

Users keep loged in even if the authentication backend cached in session is not longer available in AUTHENTICATION_BACKENDS

Reported by: jorgebastida Owned by: jorgebastida
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If a user logs in with backend A and then we remove A from AUTHENTICATION_BACKENDS the user will still be log in even if the backend is no longer available in AUTHENTICATION_BACKENDS but the module is.

Change History (4)

comment:1 Changed 2 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

#18998 pretends this results in a crash, not in the user staying logged in.

To me it looks like these two tickets are really about the same problem, even though they describe different syndroms.

Last edited 2 years ago by aaugustin (previous) (diff)

comment:2 Changed 2 years ago by jorgebastida

comment:3 Changed 2 years ago by jorgebastida

  • Has patch set
  • Status changed from new to assigned
  • Triage Stage changed from Unreviewed to Ready for checkin

comment:4 Changed 2 years ago by claudep

  • Resolution set to duplicate
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.
Back to Top