#34571: Request with invalid session after concurrent logout or session timeout
is
considered a BadRequest
-------------------------------------+-------------------------------------
Reporter: Daniel | Owner: nobody
Nunes |
Type: | Status: new
Uncategorized |
Component: | Version: 3.2
contrib.sessions | Keywords: session, session
Severity: Normal | bad request
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
When working with multiple tabs, if a user logs out or his session times
out, any concurrent request happening in another tab will be considered a
bad request. See the {{{SessionInterrupted}}}
[https://github.com/django/django/blob/e1bbbbe6acb69e755554088bc573cc1835673209/django/contrib/sessions/middleware.py#L63-L67/
exception raised].
I see that
[https://github.com/django/django/pull/13395#pullrequestreview-484706827/
@carltongibson was slightly worried about the status code] and I feel the
same. This for me should be handled as **forbidden** because the request
is actually well-formed, but it's not allowed anymore.
What do you think?
--
Ticket URL: <https://code.djangoproject.com/ticket/34571>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018825540be8-bf9e154e-16c8-4b1b-8f22-5b7ba53df5bd-000000%40eu-central-1.amazonses.com.
