问题
I am using RemoteUserMiddleware to authenticate with VAS.
Right now I set it up so the REMOTE_USER variable gets set only for my SSO login URL (/accounts/login/sso/), because I must allow my users to login via forms (for users not present in our SSO system). According to my debugging, the user gets authenticated correctly in VasMiddleware (which extends RemoteUserMiddleware to pre-process REMOTE_USER), but after the user gets redirected to the home page (/), authentication is lost.
How can I persist the information that user has been logged in?
回答1:
Django 1.9 will have a PersistentRemoteUserMiddleware, which will work when the authentication header is only present on the login page.
If you look at the patch, it shouldn't be too hard to do something similar in Django 1.8. I would try overriding process_request so that it doesn't call self._remove_invalid_user(request) to log out your user (that might end up duplicating a lot of code), or overriding _remove_invalid_user itself.
来源:https://stackoverflow.com/questions/32397474/persist-django-user-in-session