Django/Auth: logout clears the session data?

CodeArtist picture CodeArtist · Apr 5, 2013 · Viewed 12.3k times · Source

I would like to know if auth.logout clears session data or i have to do it by my self.

from django.contrib.auth.decorators import login_required
from django.contrib import auth
@login_required
def logout(request):
    auth.logout(request)
    return redirect('base:homepage')

Something like this...

from django.contrib.auth.decorators import login_required
from django.contrib import auth

@login_required
def logout(request):
    for sesskey in request.session.keys():
        del request.session[sesskey]
    auth.logout(request)
    return redirect('base:homepage')

Thanks!

Answer

Pavel Anossov picture Pavel Anossov · Apr 5, 2013

Yes. Logout flushes the session.

This is its source:

def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    # Dispatch the signal before the user is logged out so the receivers have a
    # chance to find out *who* logged out.
    user = getattr(request, 'user', None)
    if hasattr(user, 'is_authenticated') and not user.is_authenticated():
        user = None
    user_logged_out.send(sender=user.__class__, request=request, user=user)

    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()