On 4/11/07, jeffhg58 <[EMAIL PROTECTED]> wrote: > The only problem I am having is when I log out and either hit the back > button or go to my home > page from the browser it does not give me the login prompt window.
This is kind of tricky and exposes a pseudo-bug in Django. What's happening is this: 1. At the time the request starts, you're logged in, and so the AuthenticationMiddleware sets 'request.user' so that it returns your User object, which in turn returns True on an 'is_authenticated()' check. 2. At the time that you hit the 'login_required' decorator, you haven't yet hit the view code which logs you out, so you pass that check and don't get redirected to a login form. 3. When the 'logout' view logs you out, it doesn't reset 'request.user', so any template rendering which uses an 'is_authenticated()' check will get confused (this is the bug). 4. When the response comes back to your browser, it includes cookie headers which make the logout persist. So if you use the 'logout' view and return a template directly from it, the template may "think" you're logged in even though you're not (you can't actually do anything which requires authentication, it's just that 'request.user' wasn't updated before the template rendered). If you instead have 'logout' redirect to another URL, you'll see everything working intuitively, because that involves a new request which starts out with 'request.user' as an AnonymousUser. Hitting the back button probably causes the behavior you're seeing because some browsers don't actually hit the server on a "back" and instead reload the page from cache, which means you'll see the same thing you saw when you were logged in previously. The confusing aspects of this can be handled by having Django reset 'request.user' on authentication changes (it also doesn't do so on login, which can be somewhat counterintuitive when using things like the registered comments model), so I'll file a ticket for that. -- "Bureaucrat Conrad, you are technically correct -- the best kind of correct." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
