Anonymous session carries over to authenticated session

[Byron Ruth]

I have some data I persist in a user's session regardless if the user
is anonymous or authenticated. I noticed after I logged in that my
anonymous session data carried over in my authenticated session store.
I thought this behavior was a bit unexpected although I could
certainly see where this would be useful (e.g. e-commerce).

I am curious if this is by design and whether or not this should be a
documented feature and possibly even potentially a setting to toggle
the behavior.

[Tom Evans]

It depends - if you are already authenticated as a different user when
you login, then your session is flushed, but you keep the same session
key. If you are not already authenticated, then you keep your session,
but your session key is changed.

Neither of these details are mentioned in the docs:

https://docs.djangoproject.com/en/1.3/topics/auth/#django.contrib.auth.login

Cheers

Tom

[Byron Ruth]

Thanks for info Tom. This behavior is confusing. I am going to post it
on the Django Developers group.

> https://docs.djangoproject.com/en/1.3/topics/auth/#django.contrib.aut...
>
> Cheers
>
> Tom

[Byron Ruth]

Posted on Django Developers:
http://groups.google.com/group/django-developers/browse_thread/thread/93dd04dc07ddf612