Login

Clear session data on login and logout

Author:
jb0t
Posted:
April 3, 2008
Language:
Python
Version:
.96
Tags:
session login logout delete clear sessions
Score:
2 (after 2 ratings)

This was born as a result of the fact that session data is shared across logins on a single browser. If you login as user1 and session data is stored, then login as user2 the same session data will be available to your application. Please see the ticket who's validity is at this point in question. Some feel that this is normal behavior.

http://code.djangoproject.com/ticket/6941

I use this code in conjunction with

http://code.google.com/p/django-registration/

Place this code in registration.init and change registration.urls to have login and logout route to the new alternate versions alt_login, alt_logout.

I have only been using Python and Django for a couple months now so I hope that this implementation is not too terrible. It works for me. Enjoy.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from django.contrib.auth.views import logout as original_logout
from django.contrib.auth.views import login as original_login
from django.contrib.sessions.backends.base import SessionBase

def alt_logout(request, *args, **kwargs):
    """
    Info on why this exists: http://code.djangoproject.com/ticket/6941
    Clears out any session data on logout that would otherwise persist
    for any subsequent logins regardless of user_id.
    """
    for sesskey in request.session.keys():
        del request.session[sesskey]
    return original_logout(request, *args, **kwargs)

def alt_login(request, *args, **kwargs):
    """
    Info on why this exists: http://code.djangoproject.com/ticket/6941
    Clears out any session data on login that would otherwise persist
    for any subsequent logins regardless of user_id.
    Session data is only cleared if the test cookie is not present.
    If its present, the session data is already cleared and this does nothing.
    """
    if SessionBase.TEST_COOKIE_NAME not in request.session:
        for sesskey in request.session.keys():
            del request.session[sesskey]
    return original_login(request, *args, **kwargs)

More like this

  1. login on activation with django-registration by morgan 5 years, 3 months ago
  2. Django Registration with GMail account by btbytes 8 years, 3 months ago
  3. Show logged users - keeping track of users login and logout by albertorcf 2 years, 10 months ago
  4. Login message middleware by nipuL 7 years, 3 months ago
  5. Clear Django Cache by girasquid 6 years, 9 months ago

Comments

Please login first before commenting.