#28066 closed Bug (fixed)
SessionBase.cycle_key() discards session data if _session_cache isn't populated
| Reported by: | InvalidInterrupt | Owned by: | InvalidInterrupt |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 1.11 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The cycle_key() method will use an empty dict for session data if it had not previously been loaded. The docstring says the function is there specifically to avoid losing sesison data, and the behavior feels inconsistent. This won't be noticed on most sites, as the AuthenticationMiddleware accesses the session on every request. However, it did cause problems for me in unittests for some views.
Change History (9)
comment:1 Changed 6 years ago by
| Easy pickings: | unset |
|---|
comment:2 Changed 6 years ago by
| Owner: | changed from nobody to InvalidInterrupt |
|---|---|
| Status: | new → assigned |
The first commit in https://github.com/InvalidInterrupt/django/tree/ticket_28066 modifies an existing check for this situation to fail if data is lost. I also went ahead and quickly wrote a patch for the issue. I'll submit a pull request if you also believe this is a bug.
comment:3 Changed 6 years ago by
| Summary: | SessionBase.cycle_key may discard session data → SessionBase.cycle_key() discards session data if _session_cache isn't populated |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
Looks okay at first glance. The previous change (887f3d3219b9f8192d27314eceee27ab1f89c5cc) was new in 1.11 so this could be backported.
Could you please give an example test that demonstrates the issue?