django.contrib.auth.views.logout视图用于开发者实现用户注销退出功能,正常情况下对于 logout 视图应使用官方提供的django.contrib.auth.decorators.login_required修饰器方法来判断用户是否已经登录。由于不少开发人员忽略使用修饰器进行判断,导致攻击者可以匿名访问视图,不断创建会话阻塞导致拒绝服务攻击。 django/contrib/s...
则只显示成功登录消息;如果用户没有经过身份验证,则显示错误消息,然后尝试注销。将用户注销是dispatch方...
Shouldn't the function in '.../django/contrib/auth/views.py' be something like. def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME): "Logs out the user and displays 'You are logged out' message." from django.contrib...
Sincetemplate_nameis passed as an arg, it isn't included in the call toas_view()that actually sets attributes (includingtemplate_name. Before making this call, I suspect thelogout()function should convert template_name (and possibly other args) into kwargs. ...
If you log in and then log out, logout() doesn't cause an error. Only when you have never logged in and try to log out. Attached is a simple testcase and a one line fix to the logout() function simple checking to see if that key exists before trying to delete it....