id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33409	Django logs out after a redirect with a long Cyrillic message	Dterb	nobody	"I am using a redirect from the payment system's website back on my site when the user decides to cancel the checkout:


{{{
@csrf_exempt
def payment_done(request):
    if request.method == 'POST':
        result = get_result(request)
        if result  == 'success':
            return redirect(reverse('payment_successful'))
        return redirect(reverse('subscribe'), messages=payment_unsuccessful_message(request))
    raise Http404
}}}

The code for getting the message added to the redirect is the following:

{{{
def payment_unsuccessful_message(request):
    with translation.override(translation.get_language()):
        return messages.error(
            request,
            render_to_string('billing/payment_unsuccessful_message.html'),
            extra_tags='safe, custom',
        )
}}}

Now, the problem is that the user is getting logged out when redirected this way, but **only in the Ukrainian** (Cyrillic) interface. In all the other (non-Cyrillic) languages, no redirect occurs and the user stays logged in.

I thought that the problem was with incorrect encoding, render_to_string, then with extra_tags, and so on. After several hours, I realised that the issue is with the length of the Cyrillic characters.

So, if you try this piece of code for the message added to the redirect (replaced the ''render_to_string'' with ''gettext'' for demonstration purposes), everything works fine and the user is not logged out forcedly:

{{{
def payment_unsuccessful_message(request):
    with translation.override(translation.get_language()):
        return messages.error(
            request,
            _(
                '<strong>Аааааа аа ааааааааа</strong>. Аааааа аа ааааааааа аааааа '
                'ааааааааа, аааааааа ааааааа ааа ааа аааа аааааааааа ааааааа аааааааа аааааааа: '
                '<em>ааааааааа аааааа ааааааааааа ааааааа аааааааааааа аааааааа аааааааааа '
                'ааааааааааа аааааа ааааааа а аааааааааа</em> аааа ааааааааааааааа ааааааааа '
                'аа ааааааа. ааааааа ааааааа ааааааааа аа'
            ),
            extra_tags='safe, custom',
        )
}}}

But add **one more Cyrillic character** in the end of the message, and the user will be logged out (although the message will be displayed correctly).

I believe that the reason is in the length of encoded characters but have not found any similar issue on the web, so I am reporting it as a bug."	Bug	closed	contrib.messages	3.0	Normal	needsinfo	messages, logout, redirect	Florian Apolloner	Unreviewed	0	0	0	0	0	0