diff options
| author | Matt Robenolt <matt@ydekproductions.com> | 2013-08-18 22:36:36 -0700 |
|---|---|---|
| committer | Ramiro Morales <cramm0@gmail.com> | 2014-05-11 21:42:26 -0300 |
| commit | 393c0e24223c701edeb8ce7dc9d0f852f0c081ad (patch) | |
| tree | b98b751093d3732d4d27cf2262d2a26be08e02f7 /docs | |
| parent | 9762ba26304dd927d69fc5446df2e83dc22aa2e3 (diff) | |
Fixed #20936 -- When logging out/ending a session, don't create a new, empty session.
Previously, when logging out, the existing session was overwritten by a
new sessionid instead of deleting the session altogether.
This behavior added overhead by creating a new session record in
whichever backend was in use: db, cache, etc.
This extra session is unnecessary at the time since no session data is
meant to be preserved when explicitly logging out.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.8.txt | 3 | ||||
| -rw-r--r-- | docs/topics/http/sessions.txt | 13 |
2 files changed, 11 insertions, 5 deletions
diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt index c4e0ade59e..cd2317df42 100644 --- a/docs/releases/1.8.txt +++ b/docs/releases/1.8.txt @@ -61,7 +61,8 @@ Minor features :mod:`django.contrib.sessions` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* ... +* Session cookie is now deleted after + :meth:`~django.contrib.sessions.backends.base.SessionBase.flush()` is called. :mod:`django.contrib.sitemaps` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt index 864777bfe4..4188655329 100644 --- a/docs/topics/http/sessions.txt +++ b/docs/topics/http/sessions.txt @@ -231,12 +231,17 @@ You can edit it multiple times. .. method:: flush() - Delete the current session data from the session and regenerate the - session key value that is sent back to the user in the cookie. This is - used if you want to ensure that the previous session data can't be - accessed again from the user's browser (for example, the + Delete the current session data from the session and delete the session + cookie. This is used if you want to ensure that the previous session data + can't be accessed again from the user's browser (for example, the :func:`django.contrib.auth.logout()` function calls it). + .. versionchanged:: 1.8 + + Deletion of the session cookie is a behavior new in Django 1.8. + Previously, the behavior was to regenerate the session key value that + was sent back to the user in the cookie. + .. method:: set_test_cookie() Sets a test cookie to determine whether the user's browser supports |
