| commit | 7102de37944686dc5d3756242bf98a6d5b17e308 | |
| author | mtredinnick <mtredinnick@bcc190cf-cafb-0310-a4f2-bffc1f526a37> | |
| Thu, 14 Aug 2008 03:58:00 +0000 (14 03:58 +0000) | ||
| committer | mtredinnick <mtredinnick@bcc190cf-cafb-0310-a4f2-bffc1f526a37> | |
| Thu, 14 Aug 2008 03:58:00 +0000 (14 03:58 +0000) | ||
| tree | 5da5e6d0dfb046a89335a650bc790cb340aca55f | treesnapshot (tar.gz zip) |
| parent | f746707636936bdab25f82ee7d398ed0405165ea | commitdiff |
Fixed #6941 -- When logging a user out, or when logging in with an existing
session and a different user id to the current session owner, flush the session
data to avoid leakage. Logging in and moving from an anonymous user to a
validated user still keeps existing session data.
Backwards incompatible if you were assuming sessions persisted past logout.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
session and a different user id to the current session owner, flush the session
data to avoid leakage. Logging in and moving from an anonymous user to a
validated user still keeps existing session data.
Backwards incompatible if you were assuming sessions persisted past logout.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| django/contrib/auth/__init__.py | diffblobblamehistory | |
| docs/authentication.txt | diffblobblamehistory | |
| docs/sessions.txt | diffblobblamehistory |