Logout user when deleting current session

jazzband · Jan 5, 2017 · 317e337 · 317e337
1 parent ec18deb
commit 317e337
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 2 deletions.
diff --git a/README.rst b/README.rst
@@ -60,7 +60,9 @@ Installation
 4. Add ``SESSION_ENGINE = 'user_sessions.backends.db'``.
 5. Add ``url(r'', include('user_sessions.urls', 'user_sessions')),`` to your
    ``urls.py``.
-6. Run ``python manage.py syncdb`` (or ``migrate``) and browse to
+6. Make sure ``LOGOUT_REDIRECT_URL`` is set to some page to redirect users
+   after logging out.
+7. Run ``python manage.py syncdb`` (or ``migrate``) and browse to
    ``/account/sessions/``.
 
 GeoIP

diff --git a/docs/installation.rst b/docs/installation.rst
@@ -9,7 +9,10 @@ Installation
 4. Add ``SESSION_ENGINE = 'user_sessions.backends.db'``.
 5. Add ``url(r'', include('user_sessions.urls', 'user_sessions')),`` to your
    ``urls.py``.
-6. Run ``python manage.py syncdb`` (or ``migrate``) and start hacking!
+6. Make sure ``LOGOUT_REDIRECT_URL`` is set to some page to redirect users
+   after logging out.
+7. Run ``python manage.py syncdb`` (or ``migrate``) and browse to
+   ``/account/sessions/``.
 
 GeoIP
 -----

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
@@ -5,6 +5,7 @@ Release Notes
 ----------------------
 * Added Django Channels support
 * Fixed #62 -- Provide request.user in signals
+* Ending current session will logout instead, make sure LOGOUT_REDIRECT_URL is set
 
 1.3.1
 -----

diff --git a/example/settings.py b/example/settings.py
@@ -71,3 +71,4 @@
 GEOIP_PATH = os.path.join(PROJECT_PATH, 'GeoLiteCity.dat')
 
 LOGIN_URL = '/admin/'
+LOGOUT_REDIRECT_URL = '/admin/'
diff --git a/user_sessions/views.py b/user_sessions/views.py
@@ -1,5 +1,8 @@
+from django.conf import settings
+from django.contrib.auth import logout
 from django.contrib.auth.decorators import login_required
 from django.core.urlresolvers import reverse_lazy
+from django.shortcuts import redirect, resolve_url
 from django.utils.decorators import method_decorator
 from django.utils.timezone import now
 from django.views.generic import ListView, DeleteView, View
@@ -39,6 +42,17 @@ class SessionDeleteView(LoginRequiredMixin, SessionMixin, DeleteView):
     This view allows a user to delete an active session. For example log
     out a session from a computer at the local library or a friend's place.
     """
+    def delete(self, request, *args, **kwargs):
+        if kwargs['pk'] == request.session.session_key:
+            logout(request)
+            if hasattr(settings, 'LOGOUT_REDIRECT_URL'):
+                # Django 1.10
+                return redirect(resolve_url(settings.LOGOUT_REDIRECT_URL))
+            else:
+                # Django 1.8-1.9
+                return redirect(resolve_url(settings.LOGOUT_URL))
+        super().delete(request, *args, **kwargs)
+
     def get_success_url(self):
         return str(reverse_lazy('user_sessions:session_list'))