Code

#20438 closed Bug (duplicate)

Users keep loged in even if the authentication backend cached in session is not longer available in AUTHENTICATION_BACKENDS

Reported by: jorgebastida Owned by: jorgebastida
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If a user logs in with backend A and then we remove A from AUTHENTICATION_BACKENDS the user will still be log in even if the backend is no longer available in AUTHENTICATION_BACKENDS but the module is.

Attachments (0)

Change History (4)

comment:1 Changed 11 months ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

#18998 pretends this results in a crash, not in the user staying logged in.

To me it looks like these two tickets are really about the same problem, even though they describe different syndroms.

Last edited 11 months ago by aaugustin (previous) (diff)

comment:2 Changed 11 months ago by jorgebastida

comment:3 Changed 11 months ago by jorgebastida

  • Has patch set
  • Status changed from new to assigned
  • Triage Stage changed from Unreviewed to Ready for checkin

comment:4 Changed 11 months ago by claudep

  • Resolution set to duplicate
  • Status changed from assigned to closed

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.