Django/Auth: logout clears the session data?

StackOverflow https://stackoverflow.com/questions/15842905

Question

I would like to know if auth.logout clears session data or i have to do it by my self.

from django.contrib.auth.decorators import login_required
from django.contrib import auth
@login_required
def logout(request):
    auth.logout(request)
    return redirect('base:homepage')

Something like this...

from django.contrib.auth.decorators import login_required
from django.contrib import auth

@login_required
def logout(request):
    for sesskey in request.session.keys():
        del request.session[sesskey]
    auth.logout(request)
    return redirect('base:homepage')

Thanks!

Was it helpful?

Solution

Yes. Logout flushes the session.

This is its source:

def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    # Dispatch the signal before the user is logged out so the receivers have a
    # chance to find out *who* logged out.
    user = getattr(request, 'user', None)
    if hasattr(user, 'is_authenticated') and not user.is_authenticated():
        user = None
    user_logged_out.send(sender=user.__class__, request=request, user=user)

    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()

OTHER TIPS

If you mean deleting the record in 'django_session' table by clearing session data, I'm afraid logout function does not do that.

Usually, we have to clear expired session records in 'django_session' table by other ways. Like crontab task to run 'python manage.py clearsessions' periodically

See this for more information.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top