Opened 19 months ago
Last modified 19 months ago
#34571 closed Cleanup/optimization
Request with invalid session after concurrent logout or session timeout is considered a BadRequest — at Initial Version
Reported by: | Daniel Nunes | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sessions | Version: | 3.2 |
Severity: | Normal | Keywords: | session, session bad request |
Cc: | Carlton Gibson | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
When working with multiple tabs, if a user logs out or his session times out, any concurrent request happening in another tab will be considered a bad request. See the SessionInterrupted
exception raised.
I see that @carltongibson was slightly worried about the status code and I feel the same. This for me should be handled as forbidden because the request is actually well-formed, but it's not allowed anymore.
What do you think?
Note:
See TracTickets
for help on using tickets.