def login(request, user): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. """ if user is None: user = request.user # TODO: It would be nice to support different login methods, like signed cookies. user.last_login = datetime.datetime.now() if SESSION_KEY in request.session: if request.session[SESSION_KEY] != user.username: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.username request.session[BACKEND_SESSION_KEY] = user.backend if request.session.get('remember_me', False): request.session.set_expiry(config.LOGIN_REMEMBER_DAYS * 24 * 60 * 60) if hasattr(request, 'user'): request.user = user user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(request, user): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. """ if user is None: user = request.user # TODO: It would be nice to support different login methods, like signed cookies. user.last_login = datetime.datetime.now() if SESSION_KEY in request.session: if request.session[SESSION_KEY] != user.username: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.username request.session[BACKEND_SESSION_KEY] = user.backend if request.session.get('remember_me', False): request.session.set_expiry(settings.LOGIN_REMEMBER_DAYS * 24 * 60 * 60) if hasattr(request, 'user'): request.user = user user_logged_in.send(sender=user.__class__, request=request, user=user)