id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7418	session middleware claims user tampered with session cookie	Michael Soulier <msoulier@…>	nobody	"I am using the latest stable release of Django, 0.96, on CentOS Linux 4.6 with PostgreSQL postgresql-7.4.13-2.RHEL4.1.

I have had problems maintaining session persistence so I dropped some debug code into the session middleware, and found this:

INFO:django-teleworker:Session key is f26b6104bc3d7fa04311857265c3d3c5
session was in cache
failed to pull session from db, making new one
err = User tampered with session cookie.

django.contrib.sessions.models.Session.get_decoded is raising a !SuspiciousOperation exception. It's not clear why. 

{{{
>>> from django.contrib.sessions.models import Session
>>> q = Session.objects.all()
>>> for s in q:
...    print s.get_decoded()
...
Traceback (most recent call last):
  File ""<console>"", line 2, in ?
  File ""/var/tmp/django-0.96.2-root/usr/lib/python2.3/site-packages/django/contrib/sessions/models.py"", line 82, in get_decoded
SuspiciousOperation: User tampered with session cookie.
}}}

As things are I may have to remove this check to get things working. I looked in the trunk in SVN and this code doesn't seem any different. "		closed	contrib.sessions	0.96		worksforme		spage@…	Unreviewed	0	0	0	0	0	0