Merge branch 'master' of github.com:torchbox/wagtail

2026-05-23 14:25:50 +00:00 · 2014-03-28 17:12:24 +00:00 · 2014-03-28 17:12:24 +00:00 · 6603a9e761
commit 6603a9e761
parent fd4697f677 20da2468d2
3 changed files with 20 additions and 2 deletions
--- a/wagtail/wagtailadmin/templates/wagtailadmin/shared/main_nav.html
+++ b/wagtail/wagtailadmin/templates/wagtailadmin/shared/main_nav.html
@ -12,7 +12,7 @@
        {% endcomment %}
        <li class="footer">
            <div class="avatar icon icon-user"><a href="{% url 'wagtailadmin_account' %}" title="{% trans 'Account settings' %}">{% if request.user.email %}<img src="{% gravatar_url request.user.email %}" />{% endif %}</a></div>
-            <a href="{% url 'django.contrib.auth.views.logout' %}">{% trans "Log out" %}</a>
+            <a href="{% url 'wagtailadmin_logout' %}">{% trans "Log out" %}</a>
        </li>
        {% if request.user.is_superuser %} {# for now, 'More' links will be superuser-only #}
            <li class="more">
--- a/wagtail/wagtailadmin/urls.py
+++ b/wagtail/wagtailadmin/urls.py
@ -13,7 +13,6 @@ urlpatterns = patterns(
            'extra_context': {'show_password_reset': getattr(settings, 'WAGTAIL_PASSWORD_MANAGEMENT_ENABLED', True)},
        } , name='wagtailadmin_login'
    ),
-    url(r'^logout/$', 'logout', {'next_page': 'wagtailadmin_login'}),

    # Password reset
    url(
@ -79,6 +78,7 @@ urlpatterns += patterns(

    url(r'^account/$', 'account.account', name='wagtailadmin_account'),
    url(r'^account/change_password/$', 'account.change_password', name='wagtailadmin_account_change_password'),
+    url(r'^logout/$', 'account.logout', name='wagtailadmin_logout'),

    url(r'^userbar/(\d+)/$', 'userbar.for_frontend', name='wagtailadmin_userbar_frontend'),
    url(r'^userbar/moderation/(\d+)/$', 'userbar.for_moderation', name='wagtailadmin_userbar_moderation'),
--- a/wagtail/wagtailadmin/views/account.py
+++ b/wagtail/wagtailadmin/views/account.py
@ -3,6 +3,7 @@ from django.shortcuts import render, redirect
 from django.contrib import messages
 from django.contrib.auth.forms import SetPasswordForm
 from django.contrib.auth.decorators import permission_required
+from django.contrib.auth.views import logout as auth_logout
 from django.utils.translation import ugettext as _ 

@permission_required('wagtailadmin.access_admin')
@ -34,3 +35,20 @@ def change_password(request):
        'form': form,
        'can_change_password': can_change_password,
    })
+
+
+def logout(request):
+    response = auth_logout(request, next_page = 'wagtailadmin_login')
+
+    # By default, logging out will generate a fresh sessionid cookie. We want to use the
+    # absence of sessionid as an indication that front-end pages are being viewed by a
+    # non-logged-in user and are therefore cacheable, so we forcibly delete the cookie here.
+    response.delete_cookie(settings.SESSION_COOKIE_NAME,
+        domain=settings.SESSION_COOKIE_DOMAIN,
+        path=settings.SESSION_COOKIE_PATH)
+
+    # HACK: pretend that the session hasn't been modified, so that SessionMiddleware
+    # won't override the above and write a new cookie.
+    request.session.modified = False
+
+    return response