Why can't I logout on django user auth?

Question

I am using the django.contrib.auth user management system.

So I got the registration/insert into the user table/model up and the login from django.contrib.auth.views.login up so I can log in.

However, I can't use django.contrib.auth.views.logout to logout

I have in my template

<h1>My Account</h1>
<strong> Welcome, {{ name|capfirst }}!</strong>
<br /><br />
<ul>
    <li>
        {% if user.is_authenticated %}
            <a href="{% url django.contrib.auth.views.logout %}">Logout</a>
        {% else %}
            <a href="{% url register %}">Sign Up</a>
    </li>
    <li>
            <a href="{% url django.contrib.auth.views.login %}">Login</a>
        {% endif %}
    </li>
</ul>

However I always get the name and the logout link because I never actually logout when I click on the logout button

Here is my urls.py section for this:

urlpatterns += patterns('django.contrib.auth.views',
    url(r'^login/$', 'login', { 'template_name': 'registration/login.html', 'SSL': settings.ENABLE_SSL }, 'login' ),
    url(r'^my_account/$', 'logout', { 'template_name': 'registration/my_account.html', 'SSL': settings.ENABLE_SSL }, 'logout' ),
)

What am I doing wrong? Note: I am also running django via apache2 with mod_wsgi

Thanks!

Added Info:

Not sure if this helps but I printed request.session.items in the html and got

[('_auth_user_backend', 'django.contrib.auth.backends.ModelBackend'), ('_auth_user_id', 9L)] 

when I was logged in and also after I clicked the logout button (django.contrib.auth.views.logout)

Also, I created:

from django.contrib.auth import logout
def logout_view(request):
    request.session.items = []
    request.session.modified = True
    logout(request)

And linked that to a second logout link/button and I didn't logout and the request.session.items stayed the same as above after clicking the link

I think I'm closing in:

In one of my view functions I did:

request.session["fav_color"] = "blue"
request.session.modified = True

and then print in html {{ request.session.items }} which gave me

    [('_auth_user_backend', 'django.contrib.auth.backends.ModelBackend'), ('_auth_user_id', 9L)] 

and no ('fav_color', 'blue') tuple. Did I do something wrong again, or is this proof that my request.session list isn't being modified?

K figured it out:

url(r'^my_account/$', 'logout', { 'template_name': 'registration/my_account.html', 'SSL': settings.ENABLE_SSL }, 'logout' ),

should be

url(r'^logout/$', 'logout', { 'template_name': 'registration/my_account.html', 'SSL': settings.ENABLE_SSL }, 'logout' ),

Answer 1

You need to have a logout view with the url pointing to that view. Nothing has to be on the template, just have django.contrib.auth.logout() in that logout view. On the new django servers you can eaisly logout, but you need to do this within a view, not a template. Here is an excerpt from the django book:

This example shows how you might use both authenticate() and login() within a view function:

from django.contrib import auth

def login_view(request):
  username = request.POST.get('username', '')
  password = request.POST.get('password', '')
  user = auth.authenticate(username=username, password=password)
  if user is not None and user.is_active:
      # Correct password, and the user is marked "active"
      auth.login(request, user)
      # Redirect to a success page.
      return HttpResponseRedirect("/account/loggedin/")
  else:
      # Show an error page
      return HttpResponseRedirect("/account/invalid/")

To log out a user, use django.contrib.auth.logout() within your view. It takes an HttpRequest object and has no return value:

from django.contrib import auth

def logout_view(request):
  auth.logout(request)
  # Redirect to a success page.
  return HttpResponseRedirect("/account/loggedout/")

Refer to the Django book in terms of everything http://www.djangobook.com/en/2.0/chapter14/, I learned everything from this book.

Answer 2

I've encountered this problem, and it's a stupid headache. This is how I force logging out. I preserve logout(request) to (hopefully) trigger the user logged out signals.:

def logout_view(request):

    logout(request)
    request.session.flush()
    request.user = AnonymousUser

    return HttpResponseRedirect('accounts/loggedout/')