stupidgeek wrote: > David, you are a champ, thank you. > I find it strange that this made the difference, since this line is in > the docs: > > "The get_user method takes a user_id -- which could be a username, > database ID or whatever -- and returns a User object." >
We-ell, the "user_id" it passes to the backend comes from session[auth.SESSION_KEY], so it's probably possible to arrange for that value in the session to be something other than a normal User.id, with a custom login() and auth middleware in addition to a custom auth backend... I imagine it's not something most people need to do though. Also, python being python it _could_ do something like look up a User instance by id if passed an int and by username if passed a string. Not saying that's a good idea though, best keep security things as simple as possible to reason about... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---