Skip to content
Browse files

Added request.session.delete_test_cookie()

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 3dc1ede commit 39a907a051617d97a9724512791a4d9a53ee2f10 @adrianholovaty adrianholovaty committed
Showing with 13 additions and 1 deletion.
  1. +1 −0 django/middleware/
  2. +3 −0 django/middleware/
  3. +1 −0 django/views/auth/
  4. +8 −1 docs/sessions.txt
1 django/middleware/
@@ -81,6 +81,7 @@ def process_view(self, request, view_func, param_dict):
request.user = user
+ request.session.delete_test_cookie()
return httpwrappers.HttpResponseRedirect(request.path)
return self.display_login_form(request, ERROR_MESSAGE)
3 django/middleware/
@@ -30,6 +30,9 @@ def set_test_cookie(self):
def test_cookie_worked(self):
+ def delete_test_cookie(self):
+ del self[TEST_COOKIE_NAME]
def _get_session(self):
# Lazily loads session from storage.
1 django/views/auth/
@@ -18,6 +18,7 @@ def login(request):
if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
redirect_to = '/accounts/profile/'
request.session[users.SESSION_KEY] = manipulator.get_user_id()
+ request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to)
errors = {}
9 docs/sessions.txt
@@ -46,7 +46,7 @@ It implements the following standard dictionary methods:
* ``get(key, default=None)``
Example: ``fav_color = request.session.get('fav_color', 'red')``
-It also has these two methods:
+It also has these three methods:
* ``set_test_cookie()``
Sets a test cookie to determine whether the user's browser supports
@@ -60,6 +60,9 @@ It also has these two methods:
have to call ``set_test_cookie()`` on a previous, separate page request.
See "Setting test cookies" below for more information.
+ * ``delete_test_cookie()``
+ Deletes the test cookie. Use this to clean up after yourself.
You can edit ``request.session`` at any point in your view. You can edit it
multiple times.
@@ -120,11 +123,15 @@ This awkward split between ``set_test_cookie()`` and ``test_cookie_worked()``
is necessary due to the way cookies work. When you set a cookie, you can't
actually tell whether a browser accepted it until the browser's next request.
+It's good practice to use ``delete_test_cookie()`` to clean up after yourself.
+Do this after you've verified that the test cookie worked.
Here's a typical usage example::
def login(request):
if request.POST:
if request.session.test_cookie_worked():
+ request.session.delete_test_cookie()
return HttpResponse("You're logged in.")
return HttpResponse("Please enable cookies and try again.")

0 comments on commit 39a907a

Please sign in to comment.
Something went wrong with that request. Please try again.