id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
8061	Allow login view to check test cookie	Joost Cassee	Joost Cassee	"The solution to ticket #3393, change [7692], removed the check for the test cookie on the login form. This was because that check breaks POSTs from login forms in views that don't call session.set_test_cookie(). On the other hand it break useful functionality (as mentioned in the ticket log). The attached patch adds a keyword parameter to the login ('check_test_cookie', default False) that if True will cause the request object to be passed to the AuthenticationForm.

The problem of having to call session.set_test_cookie() can by alleviated by always setting the test cookie unless the session cookie is present. This would not have to be a large overhead, as in the common case the session cookie is already set. (If that part of the ticket is accepted, then check_test_cookie could be made True by default or change [7692] be reverted.)

Two patches are attached to this ticket:
 * ''login-view.diff'' adds the extra parameter to the login view.
 * ''session-middleware.diff'' adds the test cookie to the response unless the session cookie was received

These patches are still pretty rough, documentation and tests would have to be written."		closed	contrib.sessions	dev		invalid		joost@…	Design decision needed	1	1	1	0	0	0