Authentication backends documentation doesn't mention that backends are stored in Sessions.
| Reported by: | kyle.fox@… | Owned by: | jacob |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
The Authentication Backends docs don't mention that when a User is successfully authenticated, the path to the backend that authenticated them is stored in a Session variable.
Problems can occur when you change settings.py from one custom backend to another backend. Django attempts to import the backend specified by the path in the session, so when a request comes from a User who has already authenticated through the previous backend, an exception is raised.
A simple fix for this is Session.objects.all().delete(). However, it should be noted that even after updating the AUTHENTICATION_BACKENDS setting, your application may still contain references to the old setting.
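The following is an added example, not code from the ticket or from Django: a targeted alternative to deleting every session, which finds only the sessions whose stored backend path can no longer be imported or is no longer listed in AUTHENTICATION_BACKENDS. It assumes the path is stored under the session key `_auth_user_backend` (the value of `django.contrib.auth.BACKEND_SESSION_KEY`); the function names, sample sessions and backend paths are constructed, and the code runs on plain dictionaries so it works without a Django project.

```python
import importlib

# Session key under which django.contrib.auth stores the backend's dotted path.
BACKEND_SESSION_KEY = "_auth_user_backend"


def backend_importable(dotted_path):
    """Return True if 'pkg.module.ClassName' can be imported and resolved."""
    module_path, _, attr = dotted_path.rpartition(".")
    if not module_path:
        return False
    try:
        module = importlib.import_module(module_path)
    except ImportError:
        return False
    return hasattr(module, attr)


def find_stale_sessions(sessions, configured_backends):
    """Return {session_key: reason} for sessions tied to an unusable backend.

    sessions: iterable of (session_key, decoded_session_dict) pairs.
    configured_backends: the current AUTHENTICATION_BACKENDS value.
    """
    stale = {}
    for key, data in sessions:
        path = data.get(BACKEND_SESSION_KEY)
        if path is None:
            continue  # anonymous session: no backend path to import
        if not backend_importable(path):
            stale[key] = "not importable: " + path
        elif path not in configured_backends:
            stale[key] = "not in AUTHENTICATION_BACKENDS: " + path
    return stale


# Constructed sample data. In a Django shell the pairs would come from
# ((s.session_key, s.get_decoded()) for s in Session.objects.all()).
# The json.* paths are only stand-ins for importable backend classes.
SAMPLE_SESSIONS = [
    ("sess-a", {"_auth_user_id": 1, BACKEND_SESSION_KEY: "json.JSONEncoder"}),
    ("sess-b", {"_auth_user_id": 2,
                BACKEND_SESSION_KEY: "constructed_old_project.auth.LegacyBackend"}),
    ("sess-c", {"_auth_user_id": 3, BACKEND_SESSION_KEY: "json.JSONDecoder"}),
    ("sess-d", {}),
]
CONFIGURED = ["json.JSONEncoder"]

if __name__ == "__main__":
    for key, reason in find_stale_sessions(SAMPLE_SESSIONS, CONFIGURED).items():
        print(key, reason)
```

In a real project the returned keys can be passed to `Session.objects.filter(session_key__in=...).delete()`, which logs out only the affected users.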
Change History (5)
comment:2 Changed 7 years ago by jacob
- milestone set to 1.1
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
comment:3 Changed 7 years ago by jacob
- Owner changed from nobody to jacob
- Status changed from new to assigned
comment:4 Changed 7 years ago by jacob
- Resolution set to fixed
- Status changed from assigned to closed