[patch] is_loggedin method for User and AnonymousUser models.
|Reported by:||Chris Beaven||Owned by:||Adrian Holovaty|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
is_loggedin method replaces the
Discussion from the django-developers group follows (see thread).
Templates treat non-existing variables as False; therefore; a
request.user somehow failing to get assigned would result in the
template treating the user as they are authenticated (is_anonymous
evaluates False). An is_loggedin would be a more secure option because
if request.user failed to get assigned, the template would treat the
user as anonymous.
I would much rather mistakenly treat an authenticated user as anonymous
than mistakenly treat an anonymous user as authenticated.
Change History (8)
comment:3 Changed 11 years ago by
|Summary:||is_loggedin method for User and AnonymousUser models. → [patch] is_loggedin method for User and AnonymousUser models.|