diff options
| author | Preston Holmes <preston@ptone.com> | 2012-09-09 16:25:06 -0400 |
|---|---|---|
| committer | Preston Holmes <preston@ptone.com> | 2012-10-29 22:58:14 -0700 |
| commit | 9741912a9aaad083eaa8b9780cde37e1843cc4ae (patch) | |
| tree | a298aa4125cffb70e3ace60a77101205bec7c639 /docs | |
| parent | 2b5f848207b1dab35afd6f63d0107629c76d4d9a (diff) | |
Fixed #17869 - force logout when REMOTE_USER header disappears
If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.
Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.5.txt | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt index ebf88e83b9..3ee1b2d21f 100644 --- a/docs/releases/1.5.txt +++ b/docs/releases/1.5.txt @@ -296,6 +296,9 @@ Django 1.5 also includes several smaller improvements worth noting: you to test equality for XML content at a semantic level, without caring for syntax differences (spaces, attribute order, etc.). +* RemoteUserMiddleware now forces logout when the REMOTE_USER header + disappears during the same browser session. + Backwards incompatible changes in 1.5 ===================================== |
