diff options
| author | Preston Holmes <preston@ptone.com> | 2012-09-09 16:25:06 -0400 |
|---|---|---|
| committer | Preston Holmes <preston@ptone.com> | 2012-10-29 22:58:36 -0700 |
| commit | e8269a6729150d26a5497d5eb51226ca19fa21b9 (patch) | |
| tree | fe7ce7e3c58beba448ba996310a5f00b7475339c /docs | |
| parent | 402a986c25db9c95a6ba83089e98c5aa92c4da05 (diff) | |
[1.5.x] Fixed #17869 - force logout when REMOTE_USER header disappears
If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.
Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.5.txt | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt index ebf88e83b9..3ee1b2d21f 100644 --- a/docs/releases/1.5.txt +++ b/docs/releases/1.5.txt @@ -296,6 +296,9 @@ Django 1.5 also includes several smaller improvements worth noting: you to test equality for XML content at a semantic level, without caring for syntax differences (spaces, attribute order, etc.). +* RemoteUserMiddleware now forces logout when the REMOTE_USER header + disappears during the same browser session. + Backwards incompatible changes in 1.5 ===================================== |
