I am currently developing a Django website and I am using django.contrib.auth and django-security-session for closing user sessions automatically.
In case a user leaves its session open and a new user arrives at the same navigator after that session expired, if the new user attempts to use that same session, the session will be automatically closed. However, if now this new user logs in again, he is redirected to the last page where the previous user was.
I have taken a look at the code from django-security-session and I found the following at middleware.py "process_request":
from django.contrib.auth import logout
...
def process_request(self, request):
...
delta = now - get_last_activity(request.session)
if delta.seconds >= EXPIRE_AFTER:
logout(request)
...
So it seems that django-security-session relies on django.contrib.auth for closing the session. This logout flushes the current session and removes user id's from the request. However, the current page for the user that has just being logged out is still preserved for redirection after the following login. This login, in my case, is performed by the decorator @login_required, which relies on method "django.contrib.auth.views.redirect_to_login":
def redirect_to_login(next, login_url=None, \
redirect_field_name=REDIRECT_FIELD_NAME):
...
resolved_url = resolve_url(login_url or settings.LOGIN_URL)
login_url_parts = list(urlparse(resolved_url))
if redirect_field_name:
querystring = QueryDict(login_url_parts[4], mutable=True)
querystring[redirect_field_name] = next
login_url_parts[4] = querystring.urlencode(safe='/')
return HttpResponseRedirect(urlunparse(login_url_parts))
... where the page for redirection is generated utilizing the url from the last user that is already logged out and that might not be the same as the one that is logging in right now.
Before starting freaking out around the code, is there anything I am missing? Is there anyway in which I can instruct django.contrib.auth not to do this and, in case a different user logs in, just redirect the new user to its home page?
Copyright Notice:Content Author:「nsx」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/20550170/redirect-to-previous-users-last-page-after-new-user-login