From 5431fdc645019c0b5eb0a60f41cd77aa3457ae07 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Mon, 28 Oct 2013 17:19:35 -0400
Subject: add NB notes about recursive add_response_callback policies, use req
 instead of self for normalization with exception getting

---
 pyramid/security.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pyramid/security.py b/pyramid/security.py
index afca8cd9a..0d10b3998 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -413,7 +413,11 @@ class AuthenticationAPIMixin(object):
             # instructed
             exc = getattr(req, 'exception', None)
             if exc is None or on_exception:
-                headers = self._remember_userid(principal, **kw)
+                # NB: this call to _remember_userid should be exactly here
+                # because some policies actually add another response callback
+                # when their remember method is called, and we dont want them
+                # to do that if there's an exception in the default case.
+                headers = req._remember_userid(principal, **kw)
                 response.headerlist.extend(headers)
         self.add_response_callback(callback)
 
@@ -452,7 +456,11 @@ class AuthenticationAPIMixin(object):
         def callback(req, response):
             exc = getattr(req, 'exception', None)
             if exc is None or on_exception:
-                headers = self._forget_userid()
+                # NB: this call to _forget_userid should be exactly here
+                # because some policies actually add another response callback
+                # when their forget method is called, and we dont want them
+                # to do that if there's an exception in the default case.
+                headers = req._forget_userid()
                 response.headerlist.extend(headers)
         self.add_response_callback(callback)
 
-- 
cgit v1.2.3