Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#28066 closed Bug (fixed)

SessionBase.cycle_key() discards session data if _session_cache isn't populated

Reported by: InvalidInterrupt Owned by: InvalidInterrupt
Component: contrib.sessions Version: 1.11
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The cycle_key() method will use an empty dict for session data if it had not previously been loaded. The docstring says the function is there specifically to avoid losing sesison data, and the behavior feels inconsistent. This won't be noticed on most sites, as the AuthenticationMiddleware accesses the session on every request. However, it did cause problems for me in unittests for some views.

Change History (9)

comment:1 by Tim Graham, 7 years ago

Easy pickings: unset

Could you please give an example test that demonstrates the issue?

comment:2 by InvalidInterrupt, 7 years ago

Owner: changed from nobody to InvalidInterrupt
Status: newassigned

The first commit in https://github.com/InvalidInterrupt/django/tree/ticket_28066 modifies an existing check for this situation to fail if data is lost. I also went ahead and quickly wrote a patch for the issue. I'll submit a pull request if you also believe this is a bug.

comment:3 by Tim Graham, 7 years ago

Summary: SessionBase.cycle_key may discard session dataSessionBase.cycle_key() discards session data if _session_cache isn't populated
Triage Stage: UnreviewedAccepted

Looks okay at first glance. The previous change (887f3d3219b9f8192d27314eceee27ab1f89c5cc) was new in 1.11 so this could be backported.

comment:4 by InvalidInterrupt, 7 years ago

Has patch: set

comment:5 by Tim Graham <timograham@…>, 7 years ago

Resolution: fixed
Status: assignedclosed

In dda596c:

Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.

comment:6 by Tim Graham <timograham@…>, 7 years ago

In 5d556d2a:

[1.11.x] Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.

Backport of dda596ca3296f5b2574cf4876a4e176594f52834 from master

comment:7 by GitHub <noreply@…>, 7 years ago

In 81f84494:

Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.

Thanks Tim Graham for the review.

comment:8 by Mariusz Felisiak <felisiak.mariusz@…>, 7 years ago

In 3173d9a:

[1.11.x] Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.

Thanks Tim Graham for the review.

Backport of 81f844940279140d27578fc6a5b134763ffcceb6 from master

comment:9 by Tim Graham <timograham@…>, 7 years ago

In d6524088:

[1.11.x] Refs #28066 -- Fixed Python 2 failures in sessions_tests.

Note: See TracTickets for help on using tickets.
Back to Top