#34173: SessionMiddleware only returns 400 or 500 error in case of DB issues.
--------------------------------------------+------------------------
               Reporter:  SessionIssue      |          Owner:  nobody
                   Type:  Bug               |         Status:  new
              Component:  contrib.sessions  |        Version:  4.1
               Severity:  Normal            |       Keywords:
           Triage Stage:  Unreviewed        |      Has patch:  0
    Needs documentation:  0                 |    Needs tests:  0
Patch needs improvement:  0                 |  Easy pickings:  0
                  UI/UX:  0                 |
--------------------------------------------+------------------------
 Hi guys,

 I have the following situation. In one of my applications I'm having an
 issue with returning the right status code.
 For example, I had a situation where I wanted to list 1000 results. This
 normally takes a couple of seconds, but during this request my DB went
 offline or got stuck for some reason. Currently, this resulted in a 500
 status code.
 As I have a custom controller that only retries tasks on specific status
 codes (like 503), I want to return a 503 status code (I also think that
 503 is a more suitable one than 500 in this case), but this resulted in
 returning a 400 status code. The reason for that is the SessionMiddleware
 and particularly this part:

 {{{
 if response.status_code != 500:
     try:
         request.session.save()
     except UpdateError:
         raise SessionInterrupted(
             "The request's session was deleted before the "
             "request completed. The user may have logged "
             "out in a concurrent request, for example."
         )
     response.set_cookie(
         settings.SESSION_COOKIE_NAME,
         request.session.session_key,
         max_age=max_age,
         expires=expires,
         domain=settings.SESSION_COOKIE_DOMAIN,
         path=settings.SESSION_COOKIE_PATH,
         secure=settings.SESSION_COOKIE_SECURE or None,
         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
         samesite=settings.SESSION_COOKIE_SAMESITE,
     )
 }}}
 As my DB is offline, this results in a 400 error, as the session can't be
 saved.
 I rewrote this small piece in a custom middleware that inherits from
 SessionMiddleware, but this is not a future-proof solution:

 {{{
 # Changed line: 503 added to the statuses that skip the session save.
 if response.status_code not in [500, 503]:
     try:
         request.session.save()
     except UpdateError:
         raise SessionInterrupted(
             "The request's session was deleted before the "
             "request completed. The user may have logged "
             "out in a concurrent request, for example."
         )
     response.set_cookie(
         settings.SESSION_COOKIE_NAME,
         request.session.session_key,
         max_age=max_age,
         expires=expires,
         domain=settings.SESSION_COOKIE_DOMAIN,
         path=settings.SESSION_COOKIE_PATH,
         secure=settings.SESSION_COOKIE_SECURE or None,
         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
         samesite=settings.SESSION_COOKIE_SAMESITE,
     )
 }}}

 It's a small change, but it will make it hard for us to keep track of all
 the Django updates.

 Do you have a generic solution for this issue?

 Thanks in advance.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34173>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
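
Added example, not part of the ticket and not Django's code: a Django-free model of the save step quoted in the ticket, comparing the status the client receives under the stock check and under the reporter's modified check. Every class and function name is a stand-in defined here, and the model assumes, as the ticket reports, that an unreachable database makes `session.save()` raise `UpdateError`.

```python
# Django-free model of the save step in SessionMiddleware.process_response.
# All names below are stand-ins defined here, not imports from Django.

class UpdateError(Exception):
    """Stand-in for the session backend's failed-update error."""

class SessionInterrupted(Exception):
    """Stand-in for the exception that is answered with HTTP 400."""

class Session:
    def __init__(self, db_up):
        self.db_up = db_up
        self.saved = False

    def save(self):
        # Assumption from the ticket: an unreachable DB surfaces as UpdateError.
        if not self.db_up:
            raise UpdateError("session row could not be updated")
        self.saved = True

def process_response(status, session, skip_save_on):
    """Mirror the quoted check: save unless the status is in skip_save_on."""
    if status not in skip_save_on:
        try:
            session.save()
        except UpdateError:
            raise SessionInterrupted("session could not be saved")
    return status

def client_status(view_status, db_up, skip_save_on):
    """Return (status seen by the client, whether the session was saved)."""
    session = Session(db_up)
    try:
        status = process_response(view_status, session, skip_save_on)
    except SessionInterrupted:
        status = 400
    return status, session.saved

STOCK = frozenset({500})         # check quoted first in the ticket
PATCHED = frozenset({500, 503})  # reporter's modified check

def outcomes():
    # Constructed cases: (status returned by the view, database reachable)
    cases = [(503, False), (503, True), (200, False), (200, True)]
    return {(s, up): (client_status(s, up, STOCK), client_status(s, up, PATCHED))
            for s, up in cases}

if __name__ == "__main__":
    for case, (stock, patched) in outcomes().items():
        print(case, "stock:", stock, "patched:", patched)
```

The `(503, True)` case shows the trade-off of the wider check: session changes made during a request that ends in 503 are not saved even when the database is reachable.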
