Opened 19 months ago

Last modified 19 months ago

#34571 closed Cleanup/optimization

Request with invalid session after concurrent logout or session timeout is considered a BadRequest — at Version 1

Reported by: Daniel Nunes Owned by: nobody
Component: contrib.sessions Version: 3.2
Severity: Normal Keywords: session, session bad request
Cc: Carlton Gibson Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Daniel Nunes)

When working with multiple tabs, if a user logs out or his session times out, any concurrent request happening in another tab will be considered a bad request. See the SessionInterrupted exception raised.

I see that @carltongibson was slightly worried about the status code and I feel the same. This for me should be handled as forbidden (SessionInterrupted being a subclass of PermissionDenied) because the request is actually well-formed, but it's not allowed anymore.

What do you think?

Change History (1)

comment:1 by Daniel Nunes, 19 months ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top