Hi everyone, After a quick peekat the code in get_user(), I'm curious is there any reason we currently don't flush the user's session (or at least remove the SESSION_KEY and BACKEND_SESSION_KEY) if the backend returns None for the user's id?
I can't see how being able to hang on to an unauthorized session in hope it will become authorized again can be anything but a bug. Regards, Łukasz Rekucki -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
