made sure that, if voting as local-election voter, not logged out of overall account

helios/tests.py

@@ -483,6 +483,10 @@ class ElectionBlackboxTests(TestCase):
         self.assertContains(response, ballot.hash)
         self.assertContains(response, html_escape(encrypted_vote))
 
+        # if we request the redirect to cast_done, the voter should be logged out, but not the user
+        response = self.client.get("/helios/elections/%s/cast_done" % election_id)
+        assert not self.client.session.has_key('CURRENT_VOTER')
+
         # encrypted tally
         response = self.client.post("/helios/elections/%s/compute_tally" % election_id, {
                 "csrf_token" : self.client.session['csrf_token']                

helios/views.py

@@ -649,7 +649,13 @@ def one_election_cast_done(request, election):
     votes = CastVote.get_by_voter(voter)
     vote_hash = votes[0].vote_hash
 
+    # only log out if the setting says so *and* we're dealing
+    # with a site-wide voter. Definitely remove current_voter
+    if voter.user == user:
       logout = settings.LOGOUT_ON_CONFIRMATION
+    else:
+      logout = False
+      del request.session['CURRENT_VOTER']
 
     save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
   else:
@@ -664,7 +670,8 @@ def one_election_cast_done(request, election):
   #   auth_views.do_local_logout(request)
     
   # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
-  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=False)
+  # include_user is set to False if logout is happening
+  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=(not logout))
 
 @election_view()
 @json