id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36540	alogout does not clear the request.auser attribute	Xdynix	Xdynix	"The ''request.auser'' method caches the ''user in _acached_user'', which is not cleared during ''alogout''. Therefore, the following view code will behave unexpectedly.

{{{
def delete_session(request: HttpRequest) -> None:
    logger.info(""Current user:"", user=request.user.username)  # user=""user""
    logout(request)
    logger.info(""Current user:"", user=request.user.username)  # user=""""
    return None

async def delete_session(request: HttpRequest) -> None:
    logger.info(""Current user:"", user=(await request.auser()).username)  # user=""user""
    await alogout(request)
    logger.info(""Current user:"", user=(await request.auser()).username)  # user=""user""
    return None
}}}

It should be able to be fixed by adding the following to ''alogout''.


{{{
if hasattr(request, ""_acached_user""):
    delattr(request, ""_acached_user"")
}}}
"	Bug	closed	contrib.auth	5.2	Normal	fixed		Jon Janzen	Ready for checkin	1	0	0	0	1	0