Opened 3 years ago
Last modified 3 years ago
#34571 closed Cleanup/optimization
Request with invalid session after concurrent logout or session timeout is considered a BadRequest — at Version 2
| Reported by: | Daniel Nunes | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 3.2 |
| Severity: | Normal | Keywords: | session, session bad request |
| Cc: | Carlton Gibson | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
When working with multiple tabs, if a user logs out or his session times out, any concurrent request happening in another tab will be considered a bad request. See the SessionInterrupted exception raised.
I see that @carltongibson was slightly worried about the status code and I feel the same. This for me should be handled as forbidden (SessionInterrupted being a subclass of PermissionDenied) because the request is actually well-formed, but it's not allowed anymore.
What do you think?
Change History (2)
comment:1 by , 3 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 3 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.