Re: [Django] #36540: alogout does not clear the request.auser attribute (was: `alogout` is not cleaning user cache correctly)


Django

Aug 6, 2025, 5:21:17 AM
to django-...@googlegroups.com
#36540: alogout does not clear the request.auser attribute
------------------------------+------------------------------------
Reporter: Xdynix | Owner: (none)
Type: Bug | Status: new
Component: contrib.auth | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Sarah Boyce):

* cc: Jon Janzen (added)
* stage: Unreviewed => Accepted
* summary: `alogout` is not cleaning user cache correctly => alogout does
not clear the request.auser attribute

Comment:

Thank you for the clarification and the test.
Apologies, it makes sense we are referring to `auser`, rather than `user`,
in the async case.
Confirmed that this bug has been present since `alogout` was implemented
in 5e98959d9242c57a55c65847758781f82d386fa4 (5.0)

Here is a possible fix:
{{{#!diff
--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -269,10 +269,12 @@ async def alogout(request):
user = None
await user_logged_out.asend(sender=user.__class__, request=request,
user=user)
await request.session.aflush()
- if hasattr(request, "user"):
+ if hasattr(request, "auser"):
from django.contrib.auth.models import AnonymousUser
+ async def auser():
+ return AnonymousUser()

- request.user = AnonymousUser()
+ request.auser = auser


def get_user_model():
}}}
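
Review bot: switching the guard to `if hasattr(request, "auser"):` also removes the `request.user = AnonymousUser()` assignment, so after this change nothing in `alogout()` resets `request.user`. Code that reads `request.user` later in the same request would then not be handed an `AnonymousUser` by this function. Consider keeping the original `request.user` reset and adding the `request.auser` reset next to it, each under its own `hasattr` check, and have the accompanying test assert that both `request.user` and `await request.auser()` are anonymous after `alogout()`.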

Would you like to prepare a PR? This would include your test.
--
Ticket URL: <https://code.djangoproject.com/ticket/36540#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.