#23066: Already logged-in user remains logged in when RemoteUser authentication of new user fails -------------------------------------+------------------------------------- Reporter: david.greisen@… | Owner: nobody Type: Bug | Status: closed Component: contrib.auth | Version: master Severity: Normal | Resolution: fixed Keywords: remoteUserBackend | Triage Stage: Accepted RemoteUserMiddleware | Needs documentation: 0 Has patch: 1 | Patch needs improvement: 0 Needs tests: 1 | UI/UX: 0 Easy pickings: 0 | -------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>): In [changeset:"dd68f319b365f6cb38c5a6c106faf4f6142d7d88"]: {{{ #!CommitTicketReference repository="" revision="dd68f319b365f6cb38c5a6c106faf4f6142d7d88" [1.5.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. This is a security fix. Disclosure following shortly. }}} -- Ticket URL: <https://code.djangoproject.com/ticket/23066#comment:6> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/080.175945252dade7e1832b10ca3772a59d%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.