id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27706	Session key is not set when trying to log in, when another user's session cookie is sent with the login request	Utku Gültopu	nobody	"Code in `views.py`:

{{{
from django.contrib import auth
from django.contrib.auth.models import User
from django.http import HttpResponse
import json

def login(request):
    username = request.POST['username']
    password = request.POST['password']
    user = auth.authenticate(username=username, password=password)
    if user is not None:
        try:
            auth.login(request, user)
            session_key = request.session.session_key
            if session_key is not None:
                return HttpResponse(json.dumps({'status': 'Success',
                    'sessionid': session_key}))
            else:
                return HttpResponse(json.dumps({'status': 'Empty session key'}))
        except Exception as e:
            return HttpResponse(json.dumps({'status': 'Cannot log in'}))
    else:
        return HttpResponse(json.dumps({'status': 'Cannot authenticate'}))
}}}

== Steps to reproduce
1. `curl http://127.0.0.1:8000/login/ -d username=foo -d password=passfoo`
Response is:
{""status"": ""Success"", ""sessionid"": ""b65e765b2c4546da8825d5764c8ef126""}
2. `curl http://127.0.0.1:8000/login/ -d username=bar -d password=passbar -b sessionid=b65e765b2c4546da8825d5764c8ef126`
Response is:
{""status"": ""Empty session key""}

Is this expected behavior?

Regards"	Uncategorized	closed	contrib.auth	1.10	Normal	invalid			Unreviewed	0	0	0	0	0	0