Here is the relevant code: https://github.com/django/django/blob/master/django/contrib/auth/__init__.py#L63-70
On Nov 15, 1:44 pm, Byron Ruth <bjr...@gmail.com> wrote: > Posted original on the Django Users group because I thought I was > missing > something:http://groups.google.com/group/django-users/browse_thread/thread/a612... > > Per what Tom mentions on the Django Users thread: > > - an authenticated user logging in under a different account keeps the > session key, but session data is flushed > - a non-authenticated user keeps the session data but gets a new > session key > > This behavior is confusing especially the latter since data was > persisted pre-auth to post-auth even though the session key changed. > There is certainly utility for persisting post-auth (e.g. e-commerce), > but this is not documented anywhere. > > How would everyone feel about making this a setting, e.g. > SESSION_FLUSH_AT_LOGIN? If false, it would behave as it does now > otherwise it would flush the non-auth session. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
