Opened 11 years ago
Closed 11 years ago
#20438 closed Bug (duplicate)
Users keep loged in even if the authentication backend cached in session is not longer available in AUTHENTICATION_BACKENDS
| Reported by: | jorgebastida | Owned by: | jorgebastida |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
If a user logs in with backend A and then we remove A from AUTHENTICATION_BACKENDS the user will still be log in even if the backend is no longer available in AUTHENTICATION_BACKENDS but the module is.
Change History (4)
comment:2 by , 11 years ago
Pull Request ready (https://github.com/django/django/pull/1103) fixing #20438 and #18998
comment:3 by , 11 years ago
| Has patch: | set |
|---|---|
| Status: | new → assigned |
| Triage Stage: | Unreviewed → Ready for checkin |
comment:4 by , 11 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
#18998 pretends this results in a crash, not in the user staying logged in.
To me it looks like these two tickets are really about the same problem, even though they describe different syndroms.