Ticket #6941: clear_session_on_logout_and_login2.diff
| File clear_session_on_logout_and_login2.diff, 1.5 KB (added by , 16 years ago) |
|---|
-
django/contrib/auth/__init__.py
53 53 # TODO: It would be nice to support different login methods, like signed cookies. 54 54 user.last_login = datetime.datetime.now() 55 55 user.save() 56 if request.session.get(SESSION_KEY, user.id) != user.id: 57 # a different user was logged in, his data has to be cleared 58 request.session.destroy() 56 59 request.session[SESSION_KEY] = user.id 57 60 request.session[BACKEND_SESSION_KEY] = user.backend 58 61 if hasattr(request, 'user'): 59 62 request.user = user 60 63 61 def logout(request ):64 def logout(request, clear_session=True): 62 65 """ 63 Remove the authenticated user's ID from the request. 66 Remove the authenticated user's ID from the request and optionally clear 67 the session. 64 68 """ 65 try: 66 del request.session[SESSION_KEY] 67 except KeyError: 68 pass 69 try: 70 del request.session[BACKEND_SESSION_KEY] 71 except KeyError: 72 pass 69 if clear_session: 70 request.session.destroy() 71 else: 72 try: 73 del request.session[SESSION_KEY] 74 except KeyError: 75 pass 76 try: 77 del request.session[BACKEND_SESSION_KEY] 78 except KeyError: 79 pass 73 80 if hasattr(request, 'user'): 74 81 from django.contrib.auth.models import AnonymousUser 75 82 request.user = AnonymousUser()