#17869: With RemoteUserMiddleware, users keep being logged in after web server
stops sending REMOTE_USER headers
-------------------------------+--------------------------------------
Reporter: lamby | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by lamby):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
The fix which worked for Enrico is not perfect as calling auth.logout will
flush the session, this would break sessions for logged-out users as they
are cleared every request.
What we need to do instead is to check that we think the user "should" be
logged in (SESSION_KEY in request.session?) and then make a call to
logout.
--
Ticket URL: <https://code.djangoproject.com/ticket/17869#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
