Opened 12 months ago
Last modified 12 months ago
#34571 closed Cleanup/optimization
Request with invalid session after concurrent logout or session timeout is considered a BadRequest — at Initial Version
| Reported by: | Daniel Nunes | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 3.2 |
| Severity: | Normal | Keywords: | session, session bad request |
| Cc: | Carlton Gibson | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When working with multiple tabs, if a user logs out or his session times out, any concurrent request happening in another tab will be considered a bad request. See the SessionInterrupted exception raised.
I see that @carltongibson was slightly worried about the status code and I feel the same. This for me should be handled as forbidden because the request is actually well-formed, but it's not allowed anymore.
What do you think?
Note:
See TracTickets
for help on using tickets.