#34173: SessionMiddleware support 503 status code
----------------------------------+--------------------------------------
Reporter: SessionIssue | Owner: nobody
Type: New feature | Status: new
Component: contrib.sessions | Version: 4.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by SessionIssue):
* status: closed => new
* type: Bug => New feature
* resolution: invalid =>
Old description:
> Hi guys,
>
> I have the following situation. In one of my applications I'm having an
> issue with returning the right status code.
> For example I had this situation where I wanted to list 1000 results,
> this normally takes a couple of seconds, but during this request, my DB
> went offline or got stuck for some reason. Currently, this resulted in a
> 500 status code.
> As I have a custom controller that only retries tasks on specific status
> codes (like 503), I want to return a 503 status code (I also think that
> 503 is a more suitable one than 500 in this case), but this resulted in
> returning a 400 status code. The reason for that is the SessionMiddleware
> and particularly this part:
>
> {{{
> if response.status_code != 500:
> try:
> request.session.save()
> except UpdateError:
> raise SessionInterrupted(
> "The request's session was deleted before the
> "
> "request completed. The user may have logged
> "
> "out in a concurrent request, for example."
> )
> response.set_cookie(
> settings.SESSION_COOKIE_NAME,
> request.session.session_key, max_age=max_age,
> expires=expires,
> domain=settings.SESSION_COOKIE_DOMAIN,
> path=settings.SESSION_COOKIE_PATH,
> secure=settings.SESSION_COOKIE_SECURE or None,
> httponly=settings.SESSION_COOKIE_HTTPONLY or
> None,
> samesite=settings.SESSION_COOKIE_SAMESITE,
> )
> }}}
> As my DB is offline, this results in a 400 error, as the session can't be
> saved.
> I rewrote this small piece in a custom middleware that inherits the
> SessionMiddleware, but this is not a futureproof solution:
>
> {{{
> **if response.status_code not in [500, 503]:**
> try:
> request.session.save()
> except UpdateError:
> raise SessionInterrupted(
> "The request's session was deleted before the
> "
> "request completed. The user may have logged
> "
> "out in a concurrent request, for example."
> )
> response.set_cookie(
> settings.SESSION_COOKIE_NAME,
> request.session.session_key, max_age=max_age,
> expires=expires,
> domain=settings.SESSION_COOKIE_DOMAIN,
> path=settings.SESSION_COOKIE_PATH,
> secure=settings.SESSION_COOKIE_SECURE or None,
> httponly=settings.SESSION_COOKIE_HTTPONLY or
> None,
> samesite=settings.SESSION_COOKIE_SAMESITE,
> )
> }}}
>
> It's a small change, but it will make it hard for us to keep track of all
> the Django updates.
>
> Do you have a generic solution for this issue?
>
> Thanks in advance.
New description:
Hi guys,
I have the following situation. In one of my applications I'm having an
issue with returning the right status code.
For example I had this situation where I wanted to list 1000 results, this
normally takes a couple of seconds, but during this request, my DB went
offline or got stuck for some reason. Currently, this resulted in a 500
status code.
In the API client that interfaces with this code we want to return a 503
because of an external source that only retries tasks on specific status
codes (like 503), The current SessionMiddleware hijacks the statuscode and
makes it impossible to raise a Service Unavailable (503).
{{{
if response.status_code != 500:
try:
request.session.save()
except UpdateError:
raise SessionInterrupted(
"The request's session was deleted before the
"
"request completed. The user may have logged "
"out in a concurrent request, for example."
)
response.set_cookie(
settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
}}}
As my DB is offline, this results in a 400 error, as the session can't be
saved. But this is incorrect, as the base request isn't a bad request.
I rewrote this small piece in a custom middleware that inherits the
SessionMiddleware, but this is not a futureproof solution:
{{{
**if response.status_code not in [500, 503]:**
try:
request.session.save()
except UpdateError:
raise SessionInterrupted(
"The request's session was deleted before the
"
"request completed. The user may have logged "
"out in a concurrent request, for example."
)
response.set_cookie(
settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
}}}
It's a small change, but it will make it hard for us to keep track of all
the Django updates.
Do you have a solution for this issue?
Thanks in advance.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/34173#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701849eaab043-1445435b-c706-4012-9a07-d862c88d3ca8-000000%40eu-central-1.amazonses.com.
