Skip to content

sgarcialaguna-mms/logouttest

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

logouttest

logouttest

 
 

templates

templates

 
 

README.md

README.md

 
 

db.sqlite3

db.sqlite3

 
 

manage.py

manage.py

 
 

Repository files navigation

logouttest

Demonstrate a possible bug in Django.

To reproduce:

Make sure your browser isn't set to disable cache (e.g. when Chrome DevTools are open)
Log in with admin/admin.
Log out.
Log in again.
Log out again.
=> Homepage still says "You are logged in as admin"

Note that I enabled caching for the logout page within Django, in production, the caching is configured within Apache.

This bug did not occur with Django 1.6. I believe the bug was introduced with commit https://github.com/django/django/commit/393c0e24223c701edeb8ce7dc9d0f852f0c081ad, as previously Vary: Cookie header was set and so the logout page wouldn't be cached.

In production, we worked around this issue by setting the never_cache() decorator on the logout view.

Additionally, the call to delete_cookie() should set the cookie path in case settings.COOKIE_PATH is not '/'.

About

Demonstrate a possible bug in Django.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages