Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#28066 closed Bug (fixed)

SessionBase.cycle_key() discards session data if _session_cache isn't populated

Reported by: InvalidInterrupt Owned by: InvalidInterrupt
Component: contrib.sessions Version: 1.11
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The cycle_key() method will use an empty dict for session data if it had not previously been loaded. The docstring says the function is there specifically to avoid losing sesison data, and the behavior feels inconsistent. This won't be noticed on most sites, as the AuthenticationMiddleware accesses the session on every request. However, it did cause problems for me in unittests for some views.

Change History (9)

comment:1 Changed 2 years ago by Tim Graham

Easy pickings: unset

Could you please give an example test that demonstrates the issue?

comment:2 Changed 2 years ago by InvalidInterrupt

Owner: changed from nobody to InvalidInterrupt
Status: newassigned

The first commit in https://github.com/InvalidInterrupt/django/tree/ticket_28066 modifies an existing check for this situation to fail if data is lost. I also went ahead and quickly wrote a patch for the issue. I'll submit a pull request if you also believe this is a bug.

comment:3 Changed 2 years ago by Tim Graham

Summary: SessionBase.cycle_key may discard session dataSessionBase.cycle_key() discards session data if _session_cache isn't populated
Triage Stage: UnreviewedAccepted

Looks okay at first glance. The previous change (887f3d3219b9f8192d27314eceee27ab1f89c5cc) was new in 1.11 so this could be backported.

comment:4 Changed 2 years ago by InvalidInterrupt

Has patch: set

comment:5 Changed 2 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In dda596c:

Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.

comment:6 Changed 2 years ago by Tim Graham <timograham@…>

In 5d556d2a:

[1.11.x] Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.

Backport of dda596ca3296f5b2574cf4876a4e176594f52834 from master

comment:7 Changed 2 years ago by GitHub <noreply@…>

In 81f84494:

Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.

Thanks Tim Graham for the review.

comment:8 Changed 2 years ago by Mariusz Felisiak <felisiak.mariusz@…>

In 3173d9a:

[1.11.x] Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.

Thanks Tim Graham for the review.

Backport of 81f844940279140d27578fc6a5b134763ffcceb6 from master

comment:9 Changed 2 years ago by Tim Graham <timograham@…>

In d6524088:

[1.11.x] Refs #28066 -- Fixed Python 2 failures in sessions_tests.

Note: See TracTickets for help on using tickets.
Back to Top