[5.1.x] Fixed #36200 -- Clarified MIDDLEWARE setting updates when using a custom RemoteUserMiddleware.

joonashak · sarahboyce · commit 914cde19c230 · 2025-02-20T16:16:29.000+01:00
Backport of 87c5de3 from main.
diff --git a/docs/howto/auth-remote-user.txt b/docs/howto/auth-remote-user.txt
@@ -76,14 +76,27 @@ regardless of ``AUTHENTICATION_BACKENDS``.
 
 If your authentication mechanism uses a custom HTTP header and not
 ``REMOTE_USER``, you can subclass ``RemoteUserMiddleware`` and set the
-``header`` attribute to the desired ``request.META`` key.  For example::
+``header`` attribute to the desired ``request.META`` key.  For example:
+
+.. code-block:: python
+   :caption: ``mysite/middleware.py``
 
     from django.contrib.auth.middleware import RemoteUserMiddleware
 
 
-    class CustomHeaderMiddleware(RemoteUserMiddleware):
+    class CustomHeaderRemoteUserMiddleware(RemoteUserMiddleware):
         header = "HTTP_AUTHUSER"
 
+This custom middleware is then used in the :setting:`MIDDLEWARE` setting
+instead of :class:`django.contrib.auth.middleware.RemoteUserMiddleware`::
+
+    MIDDLEWARE = [
+        "...",
+        "django.contrib.auth.middleware.AuthenticationMiddleware",
+        "mysite.middleware.CustomHeaderRemoteUserMiddleware",
+        "...",
+    ]
+
 .. warning::
 
     Be very careful if using a ``RemoteUserMiddleware`` subclass with a custom
