Opened 9 years ago

Closed 9 years ago

#25490 closed Cleanup/optimization (fixed)

Logout view can be cached by Safari

Reported by: Kaleb Elwert Owned by: nobody
Component: contrib.auth Version: 1.8
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Safari has a tendency to cache redirects, even when cookies are set. Unfortunately this means that sometimes visiting a logout view with a redirect will not log the user out.

https://github.com/django/django/pull/5379 contains a simple fix against the master branch, but currently no tests.

Attachments (1)

never-cache-logout.patch (441 bytes ) - added by Kaleb Elwert 9 years ago.
add @never_cache to django.contrib.auth.views.logout

Download all attachments as: .zip

Change History (4)

by Kaleb Elwert, 9 years ago

Attachment: never-cache-logout.patch added

add @never_cache to django.contrib.auth.views.logout

comment:1 by Tim Graham, 9 years ago

Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization

By the way, if you provide a pull request, you don't need to also attach a patch on the ticket.

comment:2 by Kaleb Elwert, 9 years ago

Thanks. I'll keep that in mind for next time.

comment:3 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: newclosed

In adcf8233:

Fixed #25490 -- Made the logout() view send "no-cache" headers.

Note: See TracTickets for help on using tickets.
Back to Top