From 1dd8848bebfcf98ae688984c7686250f7956acb6 Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Fri, 16 Mar 2012 19:32:13 +0000 Subject: [PATCH] [1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch. Backport of r17752 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17753 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/topics/auth.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index bb7bf4b07a..e34ab95295 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -1518,8 +1518,9 @@ processing at the first positive match. Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend - for subsequent authentication attempts for that user. This effectively means - that authentication sources are cached, so if you change + for the duration of that session whenever access to the currently + authenticated user is needed. This effectively means that authentication + sources are cached on a per-session basis, so if you change :setting:`AUTHENTICATION_BACKENDS`, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute ``Session.objects.all().delete()``.