Opened 11 years ago

Closed 11 years ago

Last modified 8 years ago

#8509 closed (fixed)

Test cookie deletion in admin crashes with a KeyError when a previously authenticated user logs in to the admin

Reported by: Rajesh Dhawan
Owned by: nobody
Component: contrib.admin
Version: master
Severity:
Keywords: Admin auth cookies
Cc: rajesh.dhawan@…
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


Error trace:

File "/home/rajesh/Development/default-django/django/core/handlers/"
in get_response 86. response = callback(request, *callback_args, **callback_kwargs)
File "/home/rajesh/Development/default-django/django/contrib/admin/"
in root 156. return self.login(request)
File "/home/rajesh/Development/django-svn/django/views/decorators/"
in _wrapped_view_func 44. response = view_func(request, *args, **kwargs)
File "/home/rajesh/Development/default-django/django/contrib/admin/"
in login 280. request.session.delete_test_cookie()
File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/"
in delete_test_cookie 84. del self[self.TEST_COOKIE_NAME]
File "/home/rajesh/Development/default-django/django/contrib/sessions/backends/"
in __delitem__ 53. del self._session[key]
Exception Type: KeyError at /admin/
Exception Value: 'testcookie'

Steps to reproduce:

  1. Log in to the site as a regular (non-staff) user.
  2. Without logging out, log in to the admin area as a staff user.
  3. KeyError is raised by the application.

With reference to django/trunk/django/contrib/admin/, the login call on line 274 has the side effect of flushing/clearing out the session of the previously logged in user (as of [8343]). This empty session causes the delete_test_cookie call on line 277 to fail with a KeyError.

I think that the test cookie should only be deleted after checking request.session.test_cookie_worked(). Note that there is a test_cookie_worked() call at line 244, but that does not account for the above case where the session is subsequently going to be cleared out.
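The failure described above, as an added example that is not part of the original ticket or Django's own code: a simplified stand-in session reproduces the KeyError after the login flush and shows the guarded deletion the reporter suggests. `ToySession`, `login`, the `"user"` key and the `"worked"` marker value are assumptions made for illustration.

```python
class ToySession:
    """Simplified stand-in for a session backend (assumption, not Django's class)."""
    TEST_COOKIE_NAME = "testcookie"   # key name taken from the ticket's KeyError
    TEST_COOKIE_VALUE = "worked"      # assumed marker value

    def __init__(self):
        self._session = {}

    def set_test_cookie(self):
        self._session[self.TEST_COOKIE_NAME] = self.TEST_COOKIE_VALUE

    def test_cookie_worked(self):
        return self._session.get(self.TEST_COOKIE_NAME) == self.TEST_COOKIE_VALUE

    def delete_test_cookie(self):
        del self._session[self.TEST_COOKIE_NAME]   # KeyError if the key is gone

    def flush(self):
        self._session.clear()


def login(session, new_user):
    """Hypothetical login: flushes the session if a different user was logged in."""
    if session._session.get("user") not in (None, new_user):
        session.flush()
    session._session["user"] = new_user


def admin_login_unguarded(session, user):
    login(session, user)
    session.delete_test_cookie()          # fails when login() flushed the session
    return "ok"


def admin_login_guarded(session, user):
    login(session, user)
    if session.test_cookie_worked():      # delete only if the cookie is still there
        session.delete_test_cookie()
    return "ok"


def scenario(view):
    """Replay the ticket's steps against the given admin login view."""
    s = ToySession()
    login(s, "regular")                   # step 1: regular user logs in
    s.set_test_cookie()                   # admin login form sets the test cookie
    try:
        return view(s, "staff")           # step 2: staff user logs in to the admin
    except KeyError as exc:
        return "KeyError: %s" % exc
```
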

Attachments (1)

testcookie_fix.diff (793 bytes) - added by Rajesh Dhawan 11 years ago.
Admin testcookie delete fails in certain cases. Attached patch fixes this.


Change History (5)

Changed 11 years ago by Rajesh Dhawan

Attachment: testcookie_fix.diff added


comment:1 Changed 11 years ago by Rajesh Dhawan

Has patch: set

comment:2 Changed 11 years ago by Rajesh Dhawan

Keywords: Admin auth cookies added

comment:3 Changed 11 years ago by Russell Keith-Magee

Resolution: fixed
Status: new → closed

(In [8509]) Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.

comment:4 Changed 8 years ago by Jacob

milestone: 1.0

Milestone 1.0 deleted
