Opened 7 years ago

Closed 7 years ago

#20438 closed Bug (duplicate)

Users keep loged in even if the authentication backend cached in session is not longer available in AUTHENTICATION_BACKENDS

Reported by: jorgebastida Owned by: jorgebastida
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


If a user logs in with backend A and then we remove A from AUTHENTICATION_BACKENDS the user will still be log in even if the backend is no longer available in AUTHENTICATION_BACKENDS but the module is.

Change History (4)

comment:1 Changed 7 years ago by Aymeric Augustin

#18998 pretends this results in a crash, not in the user staying logged in.

To me it looks like these two tickets are really about the same problem, even though they describe different syndroms.

Last edited 7 years ago by Aymeric Augustin (previous) (diff)

comment:2 Changed 7 years ago by jorgebastida

comment:3 Changed 7 years ago by jorgebastida

Has patch: set
Status: newassigned
Triage Stage: UnreviewedReady for checkin

comment:4 Changed 7 years ago by Claude Paroz

Resolution: duplicate
Status: assignedclosed
Note: See TracTickets for help on using tickets.
Back to Top