fe3d855986
This is intended to silence a rare false positive that seems to happen when someone logs in on a browser that already has an active session for another user. We believe there should be no further positives once this case is handled. - login and logout views annotate the response to indicate the session user should be changing between the request and response phases - safe-sessions middleware skips the verify-user check when this annotation is present Also: - Adds a test around existing behavior for unexpected user-changes - Remove logging control based on `is_from_log_out`. This reverts most of af9e26f/PR #11479 for two reasons: - The safe-sessions `_verify_user` code has since changed to check for `request.user.id == None` - A commit later in the PR changes the login and logout pages to signal that the user/session change is expected
Status: Maintenance Responsibilities ================ The ``user_authn`` app contains user authentication related features such as login, registration, and credential management. Direction: Extract ================== Ideally this would be in its own service, but at this point, LMS is the home of all authentication related features. At this time, these features are still plugged into Studio. Future clean-up in Studio is intended to make this an LMS only feature. Glossary ======== More Documentation ==================