On 12/11/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote: > Hmm, in our dj codebase, logging out doesn't expire the session > cookie. I'll have a look at trunk. I agree it's a useful property.
So, if I'm understanding you, the problem situation would look like this: 1. Alice logs in, does some stuff, logs out. 2. Alice's husband Bob visits the site on the same computer, and still has Alice's session cookie. If so, I don't think it's really a big problem (in the context of tying messages to sessions), since get_and_delete_messages() would be called any time RequestContext is instantiated, so the Message objects would be deleted before Bob ever gets to the site. -- "May the forces of evil become confused on the way to your house." -- George Carlin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
