Login

Clear session data on login and logout

Author:
jb0t
Posted:
April 3, 2008
Language:
Python
Version:
.96
Score:
2 (after 2 ratings)

This was born as a result of the fact that session data is shared across logins on a single browser. If you login as user1 and session data is stored, then login as user2 the same session data will be available to your application. Please see the ticket who's validity is at this point in question. Some feel that this is normal behavior.

http://code.djangoproject.com/ticket/6941

I use this code in conjunction with

http://code.google.com/p/django-registration/

Place this code in registration.init and change registration.urls to have login and logout route to the new alternate versions alt_login, alt_logout.

I have only been using Python and Django for a couple months now so I hope that this implementation is not too terrible. It works for me. Enjoy.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from django.contrib.auth.views import logout as original_logout
from django.contrib.auth.views import login as original_login
from django.contrib.sessions.backends.base import SessionBase

def alt_logout(request, *args, **kwargs):
    """
    Info on why this exists: http://code.djangoproject.com/ticket/6941
    Clears out any session data on logout that would otherwise persist
    for any subsequent logins regardless of user_id.
    """
    for sesskey in request.session.keys():
        del request.session[sesskey]
    return original_logout(request, *args, **kwargs)

def alt_login(request, *args, **kwargs):
    """
    Info on why this exists: http://code.djangoproject.com/ticket/6941
    Clears out any session data on login that would otherwise persist
    for any subsequent logins regardless of user_id.
    Session data is only cleared if the test cookie is not present.
    If its present, the session data is already cleared and this does nothing.
    """
    if SessionBase.TEST_COOKIE_NAME not in request.session:
        for sesskey in request.session.keys():
            del request.session[sesskey]
    return original_login(request, *args, **kwargs)

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 2 months ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 2 months, 1 week ago
  3. Serializer factory with Django Rest Framework by julio 9 months, 1 week ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 9 months, 4 weeks ago
  5. Help text hyperlinks by sa2812 10 months, 3 weeks ago

Comments

Please login first before commenting.