0👍
✅
When you change the user’s password, their session is reset. Django takes care of reinjecting the session hash so that the user isn’t automatically logged out, but values you stored in the session will be gone.
I think you’re trying to keep your logout view from crashing. In logout, change each line to look like this: if 'username' in request.session: del request.session['username'] (replacing username with the correct value).
1👍
You can perform request.session.flush(), so session data will be flushed, see logout function from django auth source
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
language = request.session.get(LANGUAGE_SESSION_KEY)
request.session.flush()
if language is not None:
request.session[LANGUAGE_SESSION_KEY] = language
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
Source:stackexchange.com