From ecf75e5957dfccc44c6a79abcc095592e26b576a Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Fri, 16 Mar 2012 19:30:00 +0000 Subject: [PATCH] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17752 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/topics/auth.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 528c7c8718..1e73abd5a1 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -1783,8 +1783,9 @@ processing at the first positive match. Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend - for subsequent authentication attempts for that user. This effectively means - that authentication sources are cached, so if you change + for the duration of that session whenever access to the currently + authenticated user is needed. This effectively means that authentication + sources are cached on a per-session basis, so if you change :setting:`AUTHENTICATION_BACKENDS`, you'll need to clear out session data if you need to force users to re-authenticate using different methods. A simple way to do that is simply to execute ``Session.objects.all().delete()``.