Logging out not expiring session #282

Open
eliezerp3 opened this issue Oct 2, 2022 · 3 comments

@eliezerp3

Hi. Thank you so much for this package. I have this

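```python
REST_FRAMEWORK = {
    # Both schemes are accepted: a browser session cookie or a Knox token.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'knox.auth.TokenAuthentication',
    ),
}
```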

in my settings.py. Issue is that the log out view only expires the token but the browser still stays logged in due to the session still being valid. Is there any way to expire the session when the user logs out?

@yd4011439

If you were previously logged in with session authentication, then drf/knox won't do anything to remove that session. Try deleting the cookies and then next time it may not occur.

@eliezerp3
Author

@yd4011439 Unfortunately that doesn’t help. It seems it uses both session and token upon login but only expires the token (and not the session) upon logout.

@ge-lem

ge-lem commented Nov 4, 2023

Same error using the tutorial https://jazzband.github.io/django-rest-knox/auth/

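```python
from django.contrib.auth import login
from rest_framework import permissions
from rest_framework.authtoken.serializers import AuthTokenSerializer
from knox.views import LoginView as KnoxLoginView


class LoginView(KnoxLoginView):
    permission_classes = (permissions.AllowAny,)

    def post(self, request, format=None):
        serializer = AuthTokenSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data['user']
        # login() starts a Django session in addition to the Knox token
        login(request, user)
        return super(LoginView, self).post(request, format=None)
```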

`login(request, user)` creates the session cookie.

I also override the LogoutView

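```python
from django.contrib.auth import logout
from knox.views import LogoutView as KnoxLogoutView


class LogoutView(KnoxLogoutView):
    def post(self, request, format=None):
        # Parent view deletes the Knox token; logout() then flushes the session
        response = super(LogoutView, self).post(request, format=None)
        logout(request)
        return response
```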
