Re: [Django] #36540: alogout does not clear the request.auser attribute (was: `alogout` is not cleaning user cache correctly)

Wed, 06 Aug 2025 02:21:18 -0700 

#36540: alogout does not clear the request.auser attribute
------------------------------+------------------------------------
     Reporter:  Xdynix        |                    Owner:  (none)
         Type:  Bug           |                   Status:  new
    Component:  contrib.auth  |                  Version:  5.2
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  1             |                    UI/UX:  0
------------------------------+------------------------------------
Changes (by Sarah Boyce):

 * cc: Jon Janzen (added)
 * stage:  Unreviewed => Accepted
 * summary:  `alogout` is not cleaning user cache correctly => alogout does
     not clear the request.auser attribute

Comment:

 Thank you for the clarification and the test
 Apologies, it makes sense we are refering to `auser`, rather than `user`,
 in the async case.
 Confirmed that this bug has been present since `alogout` was implemented
 in 5e98959d9242c57a55c65847758781f82d386fa4 (5.0)

 Here is a possible fix:
 {{{#!diff
 --- a/django/contrib/auth/__init__.py
 +++ b/django/contrib/auth/__init__.py
 @@ -269,10 +269,12 @@ async def alogout(request):
          user = None
      await user_logged_out.asend(sender=user.__class__, request=request,
 user=user)
      await request.session.aflush()
 -    if hasattr(request, "user"):
 +    if hasattr(request, "auser"):
          from django.contrib.auth.models import AnonymousUser
 +        async def auser():
 +            return AnonymousUser()

 -        request.user = AnonymousUser()
 +        request.auser = auser


  def get_user_model():
 }}}

 Would you like to prepare a PR? This would include your test
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36540#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/010701987eaf3d8b-f701cc25-997e-415f-995b-c83d9fa38f6d-000000%40eu-central-1.amazonses.com.

Reply via email to