Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#8509 closed (fixed)

Test cookie deletion in admin crashes with a KeyError when a previously authenticated user logs in to the admin

Reported by: rajeshd
Owned by: nobody
Component: contrib.admin
Version: master
Severity:
Keywords: Admin auth cookies
Cc: rajesh.dhawan@…
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

Error trace:

Traceback:
File "/home/rajesh/Development/default-django/django/core/handlers/base.py" in get_response
  86. response = callback(request, *callback_args, **callback_kwargs)
File "/home/rajesh/Development/default-django/django/contrib/admin/sites.py" in root
  156. return self.login(request)
File "/home/rajesh/Development/django-svn/django/views/decorators/cache.py" in _wrapped_view_func
  44. response = view_func(request, *args, **kwargs)
File "/home/rajesh/Development/default-django/django/contrib/admin/sites.py" in login
  280. request.session.delete_test_cookie()
File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/base.py" in delete_test_cookie
  84. del self[self.TEST_COOKIE_NAME]
File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/base.py" in __delitem__
  53. del self._session[key]

Exception Type: KeyError at /admin/
Exception Value: 'testcookie'

Steps to reproduce:

  1. Log in to the site as a regular (non-staff) user.
  2. Without logging out, log in to the admin area as a staff user.
  3. KeyError is raised by the application.

With reference to django/trunk/django/contrib/admin/sites.py, the login call on line 274 has the side effect of flushing/clearing out the session of the previously logged in user (as of [8343]). This empty session causes the delete_test_cookie call on line 277 to fail with a KeyError.

I think that the test cookie should only be deleted after checking request.session.test_cookie_worked(). Note that there is a test_cookie_worked() call at line 244, but that does not account for the above case where the session is subsequently going to be cleared out.

Attachments (1)

testcookie_fix.diff (793 bytes) - added by rajeshd 7 years ago.
Admin testcookie delete fails in certain cases. Attached patch fixes this.
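
The failure sequence described in this ticket, reproduced as an added example that is not part of the ticket or of Django's code. MiniSession, fake_login, attempt and both admin_login_* functions are hypothetical stand-ins; only the method names and the 'testcookie' key come from the traceback, and the guarded variant follows the reporter's suggestion to check test_cookie_worked() before deleting.

```python
# Added illustration: a simplified stand-in for a session object, not Django's code.
class MiniSession:
    TEST_COOKIE_NAME = "testcookie"  # key name taken from the traceback
    TEST_COOKIE_VALUE = "worked"     # constructed value

    def __init__(self, user_id=None):
        self._session = {} if user_id is None else {"user_id": user_id}

    def __setitem__(self, key, value):
        self._session[key] = value

    def __delitem__(self, key):
        del self._session[key]       # KeyError when the key is absent

    def get(self, key, default=None):
        return self._session.get(key, default)

    def set_test_cookie(self):
        self[self.TEST_COOKIE_NAME] = self.TEST_COOKIE_VALUE

    def test_cookie_worked(self):
        return self.get(self.TEST_COOKIE_NAME) == self.TEST_COOKIE_VALUE

    def delete_test_cookie(self):
        del self[self.TEST_COOKIE_NAME]

def fake_login(session, user_id):
    # Assumption: the session is cleared when it belongs to a different user.
    if session.get("user_id") not in (None, user_id):
        session._session = {}
    session["user_id"] = user_id

def admin_login_unguarded(session, staff_id):
    fake_login(session, staff_id)
    session.delete_test_cookie()     # crashes if fake_login emptied the session
    return "ok"

def admin_login_guarded(session, staff_id):
    fake_login(session, staff_id)
    if session.test_cookie_worked():  # delete only when the cookie is present
        session.delete_test_cookie()
    return "ok"

def attempt(login, existing_user):
    session = MiniSession(existing_user)
    session.set_test_cookie()        # the login form sets the test cookie
    try:
        return login(session, staff_id=2)
    except KeyError as exc:
        return "KeyError: %r" % exc.args[0]
```

Calling attempt(admin_login_unguarded, existing_user=1) models the three reproduction steps; passing existing_user=None models a fresh browser, where the unguarded path succeeds.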


Change History (5)

Changed 7 years ago by rajeshd

Admin testcookie delete fails in certain cases. Attached patch fixes this.

comment:1 Changed 7 years ago by rajeshd

  • Has patch set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 7 years ago by rajeshd

  • Keywords Admin auth cookies added

comment:3 Changed 7 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [8509]) Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.

comment:4 Changed 4 years ago by jacob

  • milestone 1.0 deleted

Milestone 1.0 deleted
