From e8269a6729150d26a5497d5eb51226ca19fa21b9 Mon Sep 17 00:00:00 2001 From: Preston Holmes Date: Sun, 9 Sep 2012 16:25:06 -0400 Subject: [1.5.x] Fixed #17869 - force logout when REMOTE_USER header disappears If the current sessions user was logged in via a remote user backend log out the user if REMOTE_USER header not available - otherwise leave it to other auth middleware to install the AnonymousUser. Thanks to Sylvain Bouchard for the initial patch and ticket maintenance. --- docs/releases/1.5.txt | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs') diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt index ebf88e83b9..3ee1b2d21f 100644 --- a/docs/releases/1.5.txt +++ b/docs/releases/1.5.txt @@ -296,6 +296,9 @@ Django 1.5 also includes several smaller improvements worth noting: you to test equality for XML content at a semantic level, without caring for syntax differences (spaces, attribute order, etc.). +* RemoteUserMiddleware now forces logout when the REMOTE_USER header + disappears during the same browser session. + Backwards incompatible changes in 1.5 ===================================== -- cgit v1.3