magic-removal: Changed LazyUser implementation in auth middleware so that it doesn't take request.session in its constructor. This way, session data isn't saved over multiple requests

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@2591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-05 02:09:13 +00:00 · 2006-03-28 23:59:38 +00:00 · 2006-03-28 23:59:38 +00:00 · b13ff1762e
commit b13ff1762e
parent 02b3f4489d
1 changed files with 3 additions and 5 deletions
--- a/django/contrib/auth/middleware.py
+++ b/django/contrib/auth/middleware.py
@ -1,22 +1,20 @@
 class LazyUser(object):
-    def __init__(self, session):
-        self.session = session
+    def __init__(self):
        self._user = None

    def __get__(self, request, obj_type=None):
        if self._user is None:
            from django.contrib.auth.models import User, AnonymousUser, SESSION_KEY
            try:
-                user_id = self.session[SESSION_KEY]
+                user_id = request.session[SESSION_KEY]
                self._user = User.objects.get(pk=user_id)
            except (KeyError, User.DoesNotExist):
                self._user = AnonymousUser()
-            del self.session # We don't need to keep this around anymore.
        return self._user

 class AuthenticationMiddleware:
    def process_request(self, request):
        from django.contrib.auth.models import SESSION_KEY
        assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
-        request.__class__.user = LazyUser(request.session)
+        request.__class__.user = LazyUser()
        return None