You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'm developing an application that uses Django as a backend with django rest framework and django-user-sessions packages.
I implemented a logout api view that logs out user with django built-in method, and would like to delete session cookie after logging out.
Expected Behavior
user-sessions middleware correctly deletes cookie
Current Behavior
the cookie is not deleted. Also, I manually delete the cookie in the logout api response, the behavior is overidden by the middleware that reset the expiration to the old expiration time.
Possible Solution
After the logout the session object has a user_id of None. I don't know if there is a reason to keep a cookie with a session without a user, or if removing it could break something, but otherwise the solution could be to delete the cookie instead of resetting it if the user_id is None.
Steps to Reproduce (for bugs)
Just login and logout, then check the sessionid cookie in your browser storage.
Your Environment
Browser and version: Firefox 121
Python version: 3.11.7
Django version: 4.2.7
django-otp version: 1.2.4
django-user-sessions version: 2.0.0
The text was updated successfully, but these errors were encountered:
Hi, I'm developing an application that uses Django as a backend with django rest framework and django-user-sessions packages.
I implemented a logout api view that logs out user with django built-in method, and would like to delete session cookie after logging out.
Expected Behavior
user-sessions middleware correctly deletes cookie
Current Behavior
the cookie is not deleted. Also, I manually delete the cookie in the logout api response, the behavior is overidden by the middleware that reset the expiration to the old expiration time.
Possible Solution
After the logout the session object has a user_id of None. I don't know if there is a reason to keep a cookie with a session without a user, or if removing it could break something, but otherwise the solution could be to delete the cookie instead of resetting it if the user_id is None.
Steps to Reproduce (for bugs)
Just login and logout, then check the sessionid cookie in your browser storage.
Your Environment
The text was updated successfully, but these errors were encountered: