#36540: `alogout` is not cleaning user cache correctly
------------------------+----------------------------------------
     Reporter:  Xdynix  |                     Type:  Bug
       Status:  new     |                Component:  contrib.auth
      Version:  5.2     |                 Severity:  Normal
     Keywords:          |             Triage Stage:  Unreviewed
    Has patch:  0       |      Needs documentation:  0
  Needs tests:  0       |  Patch needs improvement:  0
Easy pickings:  1       |                    UI/UX:  0
------------------------+----------------------------------------
 The ''request.auser'' method caches the user in ''_acached_user'', which
 is not cleared during ''alogout''. Therefore, the following view code will
 behave unexpectedly.

 {{{
 def delete_session(request: HttpRequest) -> None:
     logger.info("Current user:", user=request.user.username)  # user="user"
     logout(request)
     logger.info("Current user:", user=request.user.username)  # user=""
     return None

 async def delete_session(request: HttpRequest) -> None:
     logger.info("Current user:", user=(await request.auser()).username)  # user="user"
     await alogout(request)
     logger.info("Current user:", user=(await request.auser()).username)  # user="user"
     return None
 }}}
 }}}

 It should be able to be fixed by adding the following to ''alogout''.


 {{{
 if hasattr(request, "_acached_user"):
     delattr(request, "_acached_user")
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36540>
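
The stale-cache behaviour described in the ticket, and a regression check for the proposed fix, as an added example that is not part of the original report and is not Django's code. It is a simplified pure-Python model: `FakeRequest`, `alogout_reported`, `alogout_patched` and the dict-backed session are hypothetical stand-ins, and only the `_acached_user` attribute and the `hasattr`/`delattr` fix come from the ticket.

```python
import asyncio
from types import SimpleNamespace

ANONYMOUS = SimpleNamespace(username="")  # stand-in for an anonymous user


class FakeRequest:
    """Constructed stand-in for a request with a dict-backed session."""

    def __init__(self, session):
        self.session = session

    async def auser(self):
        # Models the caching the ticket describes: the first lookup is stored
        # on the request as _acached_user and reused on every later call.
        if not hasattr(self, "_acached_user"):
            name = self.session.get("user")
            self._acached_user = SimpleNamespace(username=name) if name else ANONYMOUS
        return self._acached_user


async def alogout_reported(request):
    """Logout as reported: session cleared, cached user left in place."""
    request.session.clear()


async def alogout_patched(request):
    """Same logout plus the cache invalidation proposed in the ticket."""
    request.session.clear()
    if hasattr(request, "_acached_user"):
        delattr(request, "_acached_user")


async def usernames_around_logout(logout_func):
    """Return (username before logout, username after logout)."""
    request = FakeRequest({"user": "user"})  # constructed session data
    before = (await request.auser()).username
    await logout_func(request)
    after = (await request.auser()).username
    return before, after


def run(logout_func):
    return asyncio.run(usernames_around_logout(logout_func))


if __name__ == "__main__":
    print("reported:", run(alogout_reported))
    print("patched: ", run(alogout_patched))
```

Any check made on `await request.auser()` later in the same request (logging, permission checks, response rendering) sees the pre-logout user until the cache attribute is removed.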