id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
4015	login and logout should update request.user	James Bennett	Adrian Holovaty	"Currently, `django.contrib.auth.login` and `django.contrib.auth.logout` don't update `request.user`, which means that things which happen after those functions are called (e.g., templates which include `{% if user.is_authenticated %}`) will not see that the authentication status has changed.

This causes some counterintuitive behavior:

  * If you use `django.contrib.auth.views.logout` and have it return a template directly, the template may ""think"" you're still logged in even though you aren't (because `request.user` is still a `User` object). Having it return a redirect instead shows the expected behavior, because it ends up generating a new request).
  * If you use forms which subclass `django.contrib.auth.forms.AuthenticationForm` (e.g., the form for posting registered comments), the form may still think you're anonymous even after it's successfully logged you in (because `request.user` is still an `AnonymousUser` object). This is why, for example, entering a username and password when previewing a registered comment seems to do nothing (the form will still think those fields are required, because it doesn't know you've successfully logged in during that request).

Having `login` and `logout` update `request.user` would clear this up."		closed	Contrib apps	dev		fixed			Ready for checkin	1	0	0	0	0	0