Clear the thread values outside of handling request
Adding an around filter to clear the thread values. Without this there is a risk that the thread value from previous request will be used in other request, which can lead to security issues.
We clear the current user at the beginning of the request (except the test environment, where it's being used to simulate user being logged in). In the production, this should never happen, but it's better safe than sorry.
Added by Ivan Necas over 11 years ago
Clear the thread values outside of handling request
Adding an around filter to clear the thread values. Without this there
is a risk that the thread value from previous request will be used in
other request, which can lead to security issues.
We clear the current user at the beginning of the request (except the
test environment, where it's being used to simulate user being logged
in). In the production, this should never happen, but it's better safe
than sorry.