How does your view.py look like? I use the decorator @login_required right before each def that I want to ensure is viewable only to the logged-in user.
On Fri, Aug 28, 2009 at 12:00 PM, David <ww...@yahoo.com> wrote: > > hello Django community, > > I met this problem and can not find a solution. I wonder if any people > has met this problem before? Can anybody give a clue or hint how to > fix it? > > For my project, I have enabled sessions and I use > contrib.auth.models.User. If one user logins into his/her account, all > is perfect. However, if another user logins (no matter if it is from > the same computer or from another computer), then the two users sees > each other's information in their own account. > > I also found that > > (1.) request.user.username gives another logined user's name instead > of this one (the correct one) even though I called > request.user.is_authenticated(). > > (2.) request.session['username'] does not give the username that I > assigned it earlier. > > (3.) Old session is still there even though a user log-out correctly, > closes the browser (IE) and then opens another browser (Firefox). > > I have put "SESSION_EXPIRE_AT_BROWSER_CLOSE = True" in settings > already. In my code I have request.session.set_expiry(0). > > Checking my session table, I can see that the "expire date" for > sessions are in two weeks. Does this mean that > "SESSION_EXPIRE_AT_BROWSER_CLOSE = True" did not work? > > Any suggestions? > > Thanks so much. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---