Request with invalid session after concurrent logout or session timeout is considered a BadRequest

[Daniel Nunes]

When working with multiple tabs, if a user logs out or his session times out, any concurrent request happening in another tab will be considered a bad request. See the SessionInterrupted ​exception raised.

I see that ​@carltongibson was slightly worried about the status code and I feel the same. This for me should be handled as forbidden (SessionInterrupted being a subclass of PermissionDenied) because the request is actually well-formed, but it's not allowed anymore.

What do you think?

[Natalia Bidart]

Hello! Thank you for your report. Considering that this was explicitly discussed in the PR you linked, and that Carlton and the rest of the reviewers were in agreement at the time to treat this as a 400 BadRequest, I believe that the best course of action at this point is to submit a new topic in the ​Django Forum, explaining your rationale and response status code change request. I'll close the ticket for now, but if there is agreement/positive feedback, please add a new comment here referencing the discussion and we'll be happy to re-open. Thanks!

[Daniel Nunes]

After discussing the ticket ​here with Carlton, I will re-open the ticket. I'll also assign it to myself.

Thank you!

[Mariusz Felisiak]

I appreciate you'd like to reopen the ticket, but less than 1 day of discussion and 1 vote is not enough to reopen a ticket. Let's wait few more days.

Also, take into account that PermissionDenied subclasses are ​treated differently than BadRequest ​subclasses.