(Nilesh Trivedi) #1

lib/auth/default_current_user_provider looks for this request header while looking for current_user. If present, the user_id is looked up in Redis for this header’s value.

What are the use cases that make use of this ability? Google did not turn up anything.

Also, after loading a user from this header, it seems that the rest of the checks and actions (checking whether the user is suspended or inactive, updating the user’s last_seen timestamp and ip_address) are bypassed. Why is this desirable?

(Sam Saffron) #2


This feature was added to allow long polling to work cross domain, I don’t recommend playing with this stuff unless you really know what you are doing.