Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in.
(request, user, backend=None)
| 151 | |
| 152 | |
def login(request, user, backend=None):
    """
    Store the user's id, auth backend and session auth hash in the session.

    Later requests on the same session are then treated as authenticated, so
    the user does not have to reauthenticate each time. Data written to the
    session while it was anonymous is retained across the login.

    The session is handled in one of three ways:

    * No user in the session yet: the session key is cycled and the data kept.
    * Session holds a different user, or the stored auth hash does not match:
      the session is flushed, so nothing from it carries over.
    * Session already holds this user with a matching hash: the session is
      reused as is. Neither flush() nor cycle_key() is called on that path.
    """
    auth_hash = user.get_session_auth_hash()

    if SESSION_KEY not in request.session:
        # Anonymous session: replace the key so that an id issued before
        # authentication does not become an authenticated one.
        request.session.cycle_key()
    elif _get_user_session_key(request) != user.pk:
        # The session belongs to another authenticated user. Start from a
        # new, empty session rather than reuse theirs.
        request.session.flush()
    elif auth_hash and not constant_time_compare(
        request.session.get(HASH_SESSION_KEY, ""), auth_hash
    ):
        # Same user id, but the stored hash no longer matches the current
        # one. The hash check is skipped entirely when auth_hash is falsy.
        request.session.flush()

    backend_path = _get_backend_from_user(user=user, backend=backend)

    # These three keys are what identify the user on subsequent requests.
    request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
    request.session[BACKEND_SESSION_KEY] = backend_path
    request.session[HASH_SESSION_KEY] = auth_hash

    # Only overwrite request.user when the request already has one.
    if hasattr(request, "user"):
        request.user = user

    # NOTE(review): rotate_token is defined outside this listing; presumably
    # the CSRF token rotation helper, so a pre-login token is not carried
    # over. Confirm against the file's imports.
    rotate_token(request)
    user_logged_in.send(sender=user.__class__, request=request, user=user)
| 184 | |
| 185 | |
| 186 | async def alogin(request, user, backend=None): |