summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorPreston Holmes <preston@ptone.com>2012-09-09 16:25:06 -0400
committerPreston Holmes <preston@ptone.com>2012-10-29 22:58:36 -0700
commite8269a6729150d26a5497d5eb51226ca19fa21b9 (patch)
treefe7ce7e3c58beba448ba996310a5f00b7475339c /docs
parent402a986c25db9c95a6ba83089e98c5aa92c4da05 (diff)
[1.5.x] Fixed #17869 - force logout when REMOTE_USER header disappears
If the current sessions user was logged in via a remote user backend log out the user if REMOTE_USER header not available - otherwise leave it to other auth middleware to install the AnonymousUser. Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.5.txt3
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt
index ebf88e83b9..3ee1b2d21f 100644
--- a/docs/releases/1.5.txt
+++ b/docs/releases/1.5.txt
@@ -296,6 +296,9 @@ Django 1.5 also includes several smaller improvements worth noting:
you to test equality for XML content at a semantic level, without caring for
syntax differences (spaces, attribute order, etc.).
+* RemoteUserMiddleware now forces logout when the REMOTE_USER header
+ disappears during the same browser session.
+
Backwards incompatible changes in 1.5
=====================================