From 39a907a051617d97a9724512791a4d9a53ee2f10 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Fri, 23 Sep 2005 01:28:44 +0000
Subject: [PATCH] Added request.session.delete_test_cookie()

git-svn-id: http://code.djangoproject.com/svn/django/trunk@669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/middleware/admin.py    | 1 +
 django/middleware/sessions.py | 3 +++
 django/views/auth/login.py    | 1 +
 docs/sessions.txt             | 9 ++++++++-
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/django/middleware/admin.py b/django/middleware/admin.py
index 1ad1f09796..ff21689646 100644
--- a/django/middleware/admin.py
+++ b/django/middleware/admin.py
@@ -81,6 +81,7 @@ class AdminUserRequired:
                         request.user = user
                         return
                     else:
+                        request.session.delete_test_cookie()
                         return httpwrappers.HttpResponseRedirect(request.path)
             else:
                 return self.display_login_form(request, ERROR_MESSAGE)
diff --git a/django/middleware/sessions.py b/django/middleware/sessions.py
index 1f9b7dbb99..a588e3e95b 100644
--- a/django/middleware/sessions.py
+++ b/django/middleware/sessions.py
@@ -30,6 +30,9 @@ class SessionWrapper(object):
     def test_cookie_worked(self):
         return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE
 
+    def delete_test_cookie(self):
+        del self[TEST_COOKIE_NAME]
+
     def _get_session(self):
         # Lazily loads session from storage.
         try:
diff --git a/django/views/auth/login.py b/django/views/auth/login.py
index 8b375517cc..75a80c7907 100644
--- a/django/views/auth/login.py
+++ b/django/views/auth/login.py
@@ -18,6 +18,7 @@ def login(request):
             if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
                 redirect_to = '/accounts/profile/'
             request.session[users.SESSION_KEY] = manipulator.get_user_id()
+            request.session.delete_test_cookie()
             return HttpResponseRedirect(redirect_to)
     else:
         errors = {}
diff --git a/docs/sessions.txt b/docs/sessions.txt
index ad715767ca..22d06fdedd 100644
--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -46,7 +46,7 @@ It implements the following standard dictionary methods:
     * ``get(key, default=None)``
       Example: ``fav_color = request.session.get('fav_color', 'red')``
 
-It also has these two methods:
+It also has these three methods:
 
     * ``set_test_cookie()``
       Sets a test cookie to determine whether the user's browser supports
@@ -60,6 +60,9 @@ It also has these two methods:
       have to call ``set_test_cookie()`` on a previous, separate page request.
       See "Setting test cookies" below for more information.
 
+    * ``delete_test_cookie()``
+      Deletes the test cookie. Use this to clean up after yourself.
+
 You can edit ``request.session`` at any point in your view. You can edit it
 multiple times.
 
@@ -120,11 +123,15 @@ This awkward split between ``set_test_cookie()`` and ``test_cookie_worked()``
 is necessary due to the way cookies work. When you set a cookie, you can't
 actually tell whether a browser accepted it until the browser's next request.
 
+It's good practice to use ``delete_test_cookie()`` to clean up after yourself.
+Do this after you've verified that the test cookie worked.
+
 Here's a typical usage example::
 
     def login(request):
         if request.POST:
             if request.session.test_cookie_worked():
+                request.session.delete_test_cookie()
                 return HttpResponse("You're logged in.")
             else:
                 return HttpResponse("Please enable cookies and try again.")