So, the mutli authentication seems to work well for the use case of a site accepting more than one authentication source to access some area, but not so well for the use case of a site accepting one source of authentication in one area and another source of authentication in a different area.
The contrib.auth.login function currently writes the user's id to session['_auth_user_id'] and the backend to session['_auth_user_backend']. When using more than one authentication backend, the session data gets stomped on. I propose that the session data be keyed by backend somehow so that authentication session data is kept separate. The login function would change to key the session data by backend. The logout function would log the user out of all backends, or optionally take in a backend to log the user out of only that particular backend. The get_user function with no parameters would return the first user object it finds calling backend.get_user() for each backend in AUTHENTICATION_BACKENDS in order, or optionally take a backend to try and get the user from. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
