summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorPreston Holmes <preston@ptone.com>2012-09-09 16:25:06 -0400
committerPreston Holmes <preston@ptone.com>2012-10-29 22:58:14 -0700
commit9741912a9aaad083eaa8b9780cde37e1843cc4ae (patch)
treea298aa4125cffb70e3ace60a77101205bec7c639 /docs
parent2b5f848207b1dab35afd6f63d0107629c76d4d9a (diff)
Fixed #17869 - force logout when REMOTE_USER header disappears
If the current sessions user was logged in via a remote user backend log out the user if REMOTE_USER header not available - otherwise leave it to other auth middleware to install the AnonymousUser. Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.5.txt3
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt
index ebf88e83b9..3ee1b2d21f 100644
--- a/docs/releases/1.5.txt
+++ b/docs/releases/1.5.txt
@@ -296,6 +296,9 @@ Django 1.5 also includes several smaller improvements worth noting:
you to test equality for XML content at a semantic level, without caring for
syntax differences (spaces, attribute order, etc.).
+* RemoteUserMiddleware now forces logout when the REMOTE_USER header
+ disappears during the same browser session.
+
Backwards incompatible changes in 1.5
=====================================