Use clear_session to logout current user

Uninett · Mar 1, 2024 · 8b9a98c · 8b9a98c
1 parent 1bca3ac
commit 8b9a98c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/python/nav/web/auth/__init__.py b/python/nav/web/auth/__init__.py
@@ -28,7 +28,7 @@
 from nav.models.profiles import Account, AccountGroup
 from nav.web.auth import ldap, remote_user
 from nav.web.auth.sudo import desudo
-from nav.web.auth.utils import ACCOUNT_ID_VAR
+from nav.web.auth.utils import clear_session
 
 
 _logger = logging.getLogger(__name__)
@@ -151,10 +151,7 @@ def logout(request, sudo=False):
         return reverse('webfront-index')
     else:
         account = request.account
-        del request.session[ACCOUNT_ID_VAR]
-        del request.account
-        request.session.set_expiry(datetime.now())
-        request.session.save()
+        clear_session(request)
         _logger.debug('logout: logout %s', account.login)
         LogEntry.add_log_entry(account, 'log-out', '{actor} logged out', before=account)
     _logger.debug('logout: redirect to "/" after logout')

diff --git a/python/nav/web/auth/sudo.py b/python/nav/web/auth/sudo.py
@@ -22,7 +22,7 @@
 from nav.auditlog.models import LogEntry
 from nav.django.utils import is_admin, get_account
 from nav.models.profiles import Account
-from nav.web.auth.utils import set_account, ACCOUNT_ID_VAR
+from nav.web.auth.utils import set_account, ACCOUNT_ID_VAR, clear_session
 
 
 _logger = logging.getLogger(__name__)
@@ -68,8 +68,7 @@ def desudo(request):
     original_user_id = request.session[SUDOER_ID_VAR]
     original_user = Account.objects.get(id=original_user_id)
 
-    del request.session[ACCOUNT_ID_VAR]
-    del request.session[SUDOER_ID_VAR]
+    clear_session(request)
     set_account(request, original_user)
     _logger.info(
         'DeSudo: "%s" no longer acting as "%s"', original_user, request.account