#17869: With RemoteUserMiddleware, users keep being logged in after web server stops sending REMOTE_USER headers -------------------------------+-------------------------------------- Reporter: lamby | Owner: nobody Type: Uncategorized | Status: new Component: Uncategorized | Version: 1.3 Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+-------------------------------------- Changes (by lamby):
* needs_better_patch: => 0 * needs_tests: => 0 * needs_docs: => 0 Comment: The fix which worked for Enrico is not perfect as calling auth.logout will flush the session, this would break sessions for logged-out users as they are cleared every request. What we need to do instead is to check that we think the user "should" be logged in (SESSION_KEY in request.session?) and then make a call to logout. -- Ticket URL: <https://code.djangoproject.com/ticket/17869#comment:1> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.