Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#8509 closed (fixed)

Test cookie deletion in admin crashes with a KeyError when a previously authenticated user logs in to the admin

Reported by: rajeshd
Owned by: nobody
Component: contrib.admin
Version: master
Severity:
Keywords: Admin auth cookies
Cc: rajesh.dhawan@…
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

Error trace:

    Traceback:
    File "/home/rajesh/Development/default-django/django/core/handlers/base.py" in get_response
      86. response = callback(request, *callback_args, **callback_kwargs)
    File "/home/rajesh/Development/default-django/django/contrib/admin/sites.py" in root
      156. return self.login(request)
    File "/home/rajesh/Development/django-svn/django/views/decorators/cache.py" in _wrapped_view_func
      44. response = view_func(request, *args, **kwargs)
    File "/home/rajesh/Development/default-django/django/contrib/admin/sites.py" in login
      280. request.session.delete_test_cookie()
    File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/base.py" in delete_test_cookie
      84. del self[self.TEST_COOKIE_NAME]
    File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/base.py" in __delitem__
      53. del self._session[key]

    Exception Type: KeyError at /admin/
    Exception Value: 'testcookie'

Steps to reproduce:

  1. Log in to the site as a regular (non-staff) user.
  2. Without logging out, log in to the admin area as a staff user.
  3. KeyError is raised by the application.

With reference to django/trunk/django/contrib/admin/sites.py, the login call on line 274 has the side effect of flushing/clearing out the session of the previously logged in user (as of [8343]). This empty session causes the delete_test_cookie call on line 277 to fail with a KeyError.

I think that the test cookie should only be deleted after checking request.session.test_cookie_worked(). Note that there is a test_cookie_worked() call at line 244, but that does not account for the above case where the session is subsequently going to be cleared out.

Attachments (1)

testcookie_fix.diff (793 bytes) - added by rajeshd 6 years ago.
Admin testcookie delete fails in certain cases. Attached patch fixes this.
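
A minimal model of the failure described in this ticket, added here as an illustration; it is neither Django's code nor the attached patch. The Session class is a stand-in for the session methods named in the traceback, login() is an assumed simplification of the flush-on-user-change behaviour the description reports, and the guarded variant applies the reporter's suggestion of checking test_cookie_worked() before deleting.

```python
class Session(dict):
    """Stand-in for the session test-cookie API seen in the traceback."""
    TEST_COOKIE_NAME = "testcookie"
    TEST_COOKIE_VALUE = "worked"

    def set_test_cookie(self):
        self[self.TEST_COOKIE_NAME] = self.TEST_COOKIE_VALUE

    def test_cookie_worked(self):
        return self.get(self.TEST_COOKIE_NAME) == self.TEST_COOKIE_VALUE

    def delete_test_cookie(self):
        del self[self.TEST_COOKIE_NAME]  # raises KeyError if the key is gone

    def flush(self):
        self.clear()


def login(session, user_id):
    # Assumed model of the reported behaviour: authenticating as a different
    # user clears whatever the previous user's session held.
    if "user_id" in session and session["user_id"] != user_id:
        session.flush()
    session["user_id"] = user_id


def admin_login_unguarded(session, staff_id):
    login(session, staff_id)
    session.delete_test_cookie()  # assumes the key survived login()


def admin_login_guarded(session, staff_id):
    login(session, staff_id)
    if session.test_cookie_worked():  # only delete what is still there
        session.delete_test_cookie()


def reproduce(admin_login, previous_user="regular-user"):
    """Run the ticket's steps; return the final session or the error text."""
    session = Session()
    if previous_user is not None:
        login(session, previous_user)        # step 1: non-staff login
    session.set_test_cookie()                # admin login form is shown
    try:
        admin_login(session, "staff-user")   # step 2: staff login to admin
    except KeyError as exc:
        return "KeyError: %r" % exc.args[0]
    return dict(session)
```

Calling reproduce() with each variant, with and without a previous user, shows that only the unguarded path after a user switch fails, and that the flush still leaves none of the first user's session data behind.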

Change History (5)

Changed 6 years ago by rajeshd

Admin testcookie delete fails in certain cases. Attached patch fixes this.

comment:1 Changed 6 years ago by rajeshd

  • Has patch set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 6 years ago by rajeshd

  • Keywords Admin auth cookies added

comment:3 Changed 6 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [8509]) Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.

comment:4 Changed 3 years ago by jacob

  • milestone 1.0 deleted
