Permalink
Browse files

Fixed #17841 -- Clarified caching note about authentication backends.…

… Thanks auzigog for the proposal and lukegb for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 232c99c commit ecf75e5957dfccc44c6a79abcc095592e26b576a @claudep claudep committed Mar 16, 2012
Showing with 3 additions and 2 deletions.
  1. +3 −2 docs/topics/auth.txt
View
@@ -1783,8 +1783,9 @@ processing at the first positive match.
Once a user has authenticated, Django stores which backend was used to
authenticate the user in the user's session, and re-uses the same backend
- for subsequent authentication attempts for that user. This effectively means
- that authentication sources are cached, so if you change
+ for the duration of that session whenever access to the currently
+ authenticated user is needed. This effectively means that authentication
+ sources are cached on a per-session basis, so if you change
:setting:`AUTHENTICATION_BACKENDS`, you'll need to clear out session data if
you need to force users to re-authenticate using different methods. A simple
way to do that is simply to execute ``Session.objects.all().delete()``.

0 comments on commit ecf75e5

Please sign in to comment.