summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMatt Robenolt <matt@ydekproductions.com>2013-08-18 22:36:36 -0700
committerRamiro Morales <cramm0@gmail.com>2014-05-11 21:42:26 -0300
commit393c0e24223c701edeb8ce7dc9d0f852f0c081ad (patch)
treeb98b751093d3732d4d27cf2262d2a26be08e02f7 /docs
parent9762ba26304dd927d69fc5446df2e83dc22aa2e3 (diff)
Fixed #20936 -- When logging out/ending a session, don't create a new, empty session.
Previously, when logging out, the existing session was overwritten by a new sessionid instead of deleting the session altogether. This behavior added overhead by creating a new session record in whichever backend was in use: db, cache, etc. This extra session is unnecessary at the time since no session data is meant to be preserved when explicitly logging out.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.8.txt3
-rw-r--r--docs/topics/http/sessions.txt13
2 files changed, 11 insertions, 5 deletions
diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt
index c4e0ade59e..cd2317df42 100644
--- a/docs/releases/1.8.txt
+++ b/docs/releases/1.8.txt
@@ -61,7 +61,8 @@ Minor features
:mod:`django.contrib.sessions`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* ...
+* Session cookie is now deleted after
+ :meth:`~django.contrib.sessions.backends.base.SessionBase.flush()` is called.
:mod:`django.contrib.sitemaps`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt
index 864777bfe4..4188655329 100644
--- a/docs/topics/http/sessions.txt
+++ b/docs/topics/http/sessions.txt
@@ -231,12 +231,17 @@ You can edit it multiple times.
.. method:: flush()
- Delete the current session data from the session and regenerate the
- session key value that is sent back to the user in the cookie. This is
- used if you want to ensure that the previous session data can't be
- accessed again from the user's browser (for example, the
+ Delete the current session data from the session and delete the session
+ cookie. This is used if you want to ensure that the previous session data
+ can't be accessed again from the user's browser (for example, the
:func:`django.contrib.auth.logout()` function calls it).
+ .. versionchanged:: 1.8
+
+ Deletion of the session cookie is a behavior new in Django 1.8.
+ Previously, the behavior was to regenerate the session key value that
+ was sent back to the user in the cookie.
+
.. method:: set_test_cookie()
Sets a test cookie to determine whether the user's browser supports