Home/ Questions/Q 8579409
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T20:36:12+00:00

I am implementing a basic login and logout page using django. My login function

  • 0

I am implementing a basic login and logout page using django. My login function adds a row into the django_session table in db. However, when I logout, it doesn’t remove the session row. Since the session is no longer valid and all the session related data is removed from the request, shouldn’t the logout function also remove the session row from the django_session table?

Here is my logout function:

@login_required
def logout_student(request):
    logout(request)
    # Redirect to a success page.
    return HttpResponseRedirect('/index/')

Thanks for your help.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you manually adds a row to django_session on login, then on django.contrib.auth.logout(), the request.session.flush()) function will only delete the row with the same primary key session_key as the current session key from django_session table.

    request.session.flush() is used to ensure that the previous session data can’t be accessed again from the user’s browser. It basically does two things:

    1. delete the current session data from the database (or cache, depends on which one you choose for your session backends).
    2. regenerate the session key value that is sent back to the user in the cookie.

    The Django source code of django.contrib.auth.logout():

    def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    # Dispatch the signal before the user is logged out so the receivers have a
    # chance to find out *who* logged out.
    user = getattr(request, 'user', None)
    if hasattr(user, 'is_authenticated') and not user.is_authenticated():
        user = None
    user_logged_out.send(sender=user.__class__, request=request, user=user)

    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()

    Delete method for database-based session:

    def delete(self, session_key=None):
    if session_key is None:
        if self.session_key is None:
            return
        session_key = self.session_key
    try:
        Session.objects.get(session_key=session_key).delete()
    except Session.DoesNotExist:
        pass

    To remove the manually added row, you can utilize Django signal django.contrib.auth.signals.user_logged_out to delete row on user logout.

    • 0