id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34173	SessionMiddleware support 503 status code	SessionIssue	Abhinav Yadav	"Hi guys,

I have the following situation. In one of my applications I'm having an issue with returning the right status code.
For example I had this situation where I wanted to list 1000 results, this normally takes a couple of seconds, but during this request, my DB went offline or got stuck for some reason. Currently, this resulted in a 500 status code. 
In the API client that interfaces with this code we want to return a 503 because of an external source that only retries tasks on specific status codes (like 503), The current SessionMiddleware hijacks the statuscode and makes it impossible to raise a Service Unavailable (503). 

{{{ 
if response.status_code != 500:
                    try:
                        request.session.save()
                    except UpdateError:
                        raise SessionInterrupted(
                            ""The request's session was deleted before the ""
                            ""request completed. The user may have logged ""
                            ""out in a concurrent request, for example.""
                        )
                    response.set_cookie(
                        settings.SESSION_COOKIE_NAME,
                        request.session.session_key, max_age=max_age,
                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                        path=settings.SESSION_COOKIE_PATH,
                        secure=settings.SESSION_COOKIE_SECURE or None,
                        httponly=settings.SESSION_COOKIE_HTTPONLY or None,
                        samesite=settings.SESSION_COOKIE_SAMESITE,
                    )
}}}

As my DB is offline, this results in a 400 error, as the session can't be saved. But this is incorrect, as the base request isn't a bad request. 
I rewrote this small piece in a custom middleware that inherits the SessionMiddleware, but this is not a futureproof solution:

{{{ 
**if response.status_code not in [500, 503]:**
                    try:
                        request.session.save()
                    except UpdateError:
                        raise SessionInterrupted(
                            ""The request's session was deleted before the ""
                            ""request completed. The user may have logged ""
                            ""out in a concurrent request, for example.""
                        )
                    response.set_cookie(
                        settings.SESSION_COOKIE_NAME,
                        request.session.session_key, max_age=max_age,
                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                        path=settings.SESSION_COOKIE_PATH,
                        secure=settings.SESSION_COOKIE_SECURE or None,
                        httponly=settings.SESSION_COOKIE_HTTPONLY or None,
                        samesite=settings.SESSION_COOKIE_SAMESITE,
                    )
}}}
 
It's a small change, but it will make it hard for us to keep track of all the Django updates. 

Do you have a solution for this issue?

Thanks in advance."	Cleanup/optimization	closed	contrib.sessions	4.1	Normal	fixed		Florian Apolloner Anssi Kääriäinen	Ready for checkin	1	0	0	0	1	0