Does Django flush the request.session object on User Login?

Question

I am setting a session variable in my Django application, like this:

request.session['something'] = True

After this, I am redirecting the user to Login (via facebook - django-social-auth). After the user is successfully logged in, my session variable is lost. I know this because:-

if "something" in request.session -- is returning False

Does Django flush the session object on login/logout (using the Django Authentication System) or am I doing something wrong?

Answer 1

According to the login source code:

def login(request, user):
    """
    Persist a user id and a backend in the request. This way a user doesn't
    have to reauthenticate on every request. Note that data set during
    the anonymous session is retained when the user logs in.
    """

So, if you set something in the anonymous request.session it will be there after logging in.

login flushes the session only if the existing session corresponds to a different authenticated user.

logout always flushes the session (source code).

Hope that helps.