One approach would be to invalidate the sessions of the user when is_active is changed from True to False. This way the current registration method would work, and there would not be surprising "can use site as long as session is open" situations, because there would not be any open sessions.
There are numerous counter arguments to the idea: Unintended consequences. There is a possibility for race conditions, which would then be security issues. Action at distance. I don't know if this is possible to implement for all session backends. Just an idea maybe worth discussing. - Anssi On Sep 10, 12:03 am, Wim Feijen <[email protected]> wrote: > Jakob, thanks for looking into 13125 and taking action on it. > > I'd like to make a case to re-open ticket 13125. > > I understand that changing the current behaviour is backwards- > incompatible and therefor very unwanted. But, I'd say the current > implementation is forward-incompatible: meaning that current and > future users will stumble on something counter-intuitive and be amazed > that an inactive user can pass a login_required. > > For me, the current behaviour is contrary to most peoples expectation, > and my proposal would be to make the backwards-incompatible change to > make django more consistent (I might even say: more logical), which I > think is a good thing. > > My proposal is also to add an active_or_inactive_login_required > decorator (a better name is welcome) which just checks whether a user > is authenticated; and then people could import that as login_required. > > The consequence is that some people would need to make a change to > keep their code working in Django 1.4 , but it is my belief that this > is only a small part of the Django population who have the skills to > adapt and that it will have a benificial effect to most current and > all future users. > > Sorry that I raise this question again, but it is my strongest belief > that it will make Django better. > > Wim -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
