Opened 11 years ago
Closed 11 years ago
#20438 closed Bug (duplicate)
Users keep loged in even if the authentication backend cached in session is not longer available in AUTHENTICATION_BACKENDS
Reported by: | jorgebastida | Owned by: | jorgebastida |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
If a user logs in with backend A and then we remove A from AUTHENTICATION_BACKENDS
the user will still be log in even if the backend is no longer available in AUTHENTICATION_BACKENDS
but the module is.
Change History (4)
comment:2 by , 11 years ago
Pull Request ready (https://github.com/django/django/pull/1103) fixing #20438 and #18998
comment:3 by , 11 years ago
Has patch: | set |
---|---|
Status: | new → assigned |
Triage Stage: | Unreviewed → Ready for checkin |
comment:4 by , 11 years ago
Resolution: | → duplicate |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
#18998 pretends this results in a crash, not in the user staying logged in.
To me it looks like these two tickets are really about the same problem, even though they describe different syndroms.