Ticket #8061: check-session-cookie.diff

django/contrib/auth/views.py

@@ -17 +17 @@
     "Displays the login form and handles the login action."
     redirect_to = request.REQUEST.get(redirect_field_name, '')
     if request.method == "POST":
-        form = AuthenticationForm(data=request.POST)
+        form = AuthenticationForm(request, data=request.POST)
         if form.is_valid():
             # Light security check -- make sure redirect_to isn't garbage.
             if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
@@ -25 +25 @@
                 redirect_to = settings.LOGIN_REDIRECT_URL
             from django.contrib.auth import login
             login(request, form.get_user())
-            if request.session.test_cookie_worked():
-                request.session.delete_test_cookie()
             return HttpResponseRedirect(redirect_to)
     else:
         form = AuthenticationForm(request)
-    request.session.set_test_cookie()
     if Site._meta.installed:
         current_site = Site.objects.get_current()
     else:

django/contrib/auth/forms.py

@@ -73 +73 @@
         
         # TODO: determine whether this should move to its own method.
         if self.request:
-            if not self.request.session.test_cookie_worked():
+            from django.conf import settings
+            if settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
                 raise forms.ValidationError(_("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in."))
         
         return self.cleaned_data

django/contrib/sessions/backends/base.py

@@ -24 +24 @@
     def __init__(self, session_key=None):
         self._session_key = session_key
         self.accessed = False
-        self.modified = False
+        self.modified = (session_key is None)
 
     def __contains__(self, key):
         return key in self._session