Index: django/contrib/admin/sites.py =================================================================== --- django/contrib/admin/sites.py (revision 7609) +++ django/contrib/admin/sites.py (working copy) @@ -113,9 +113,13 @@ return self.logout(request) if not self.has_permission(request): - return self.login(request) - - + response = self.login(request) + if response: + # make sure that there is a response before returning + # this addresses any post data that might persist from + # expired sessions and continue through (#5999) + return response + if url == '': return self.index(request) elif url == 'password_change': @@ -245,7 +249,7 @@ # overwrite request.POST with the saved post_data, and continue request.POST = post_data request.user = user - return view_func(request, *args, **kwargs) + return else: request.session.delete_test_cookie() return http.HttpResponseRedirect(request.path) Index: tests/regressiontests/admin_views/tests.py =================================================================== --- tests/regressiontests/admin_views/tests.py (revision 7609) +++ tests/regressiontests/admin_views/tests.py (working copy) @@ -145,6 +145,16 @@ self.failUnlessEqual(Article.objects.all().count(), 3) self.client.get('/test_admin/admin/logout/') + # Check and make sure that if user expires, data still persists + post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) + self.assertContains(post, 'Please log in again, because your session has expired.') + self.super_login['post_data'] = _encode_post_data(add_dict) + post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login) + self.assertRedirects(post, '/test_admin/admin/admin_views/article/') + self.failUnlessEqual(Article.objects.all().count(), 4) + self.client.get('/test_admin/admin/logout/') + + def testChangeView(self): """Change view should restrict access and allow users to edit items."""