51 if user is None: |
51 if user is None: |
52 user = request.user |
52 user = request.user |
53 # TODO: It would be nice to support different login methods, like signed cookies. |
53 # TODO: It would be nice to support different login methods, like signed cookies. |
54 user.last_login = datetime.datetime.now() |
54 user.last_login = datetime.datetime.now() |
55 user.save() |
55 user.save() |
|
56 |
|
57 if SESSION_KEY in request.session: |
|
58 if request.session[SESSION_KEY] != user.id: |
|
59 # To avoid reusing another user's session, create a new, empty |
|
60 # session if the existing session corresponds to a different |
|
61 # authenticated user. |
|
62 request.session.flush() |
|
63 else: |
|
64 request.session.cycle_key() |
56 request.session[SESSION_KEY] = user.id |
65 request.session[SESSION_KEY] = user.id |
57 request.session[BACKEND_SESSION_KEY] = user.backend |
66 request.session[BACKEND_SESSION_KEY] = user.backend |
58 if hasattr(request, 'user'): |
67 if hasattr(request, 'user'): |
59 request.user = user |
68 request.user = user |
60 |
69 |
61 def logout(request): |
70 def logout(request): |
62 """ |
71 """ |
63 Remove the authenticated user's ID from the request. |
72 Removes the authenticated user's ID from the request and flushes their |
|
73 session data. |
64 """ |
74 """ |
65 try: |
75 request.session.flush() |
66 del request.session[SESSION_KEY] |
|
67 except KeyError: |
|
68 pass |
|
69 try: |
|
70 del request.session[BACKEND_SESSION_KEY] |
|
71 except KeyError: |
|
72 pass |
|
73 if hasattr(request, 'user'): |
76 if hasattr(request, 'user'): |
74 from django.contrib.auth.models import AnonymousUser |
77 from django.contrib.auth.models import AnonymousUser |
75 request.user = AnonymousUser() |
78 request.user = AnonymousUser() |
76 |
79 |
77 def get_user(request): |
80 def get_user(request): |