Commit aeda55e6 authored by Anssi Kääriäinen

Fixed #3881 -- skip saving session when response status is 500

Saving session data is somewhat likely to lead into error when the
status code is 500. It is guaranteed to lead into error if the reason
for the 500 code is query error on PostgreSQL.
parent bebbbb7a
+9 −7
@@ -33,6 +33,8 @@ class SessionMiddleware(object):
                    expires_time = time.time() + max_age
                    expires = cookie_date(expires_time)
                # Save the session data and refresh the client cookie.
                # Skip session save for 500 responses, refs #3881.
                if response.status_code != 500:
                    request.session.save()
                    response.set_cookie(settings.SESSION_COOKIE_NAME,
                            request.session.session_key, max_age=max_age,
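Review bot: The guard at `if response.status_code != 500:` also wraps `response.set_cookie(...)`, but the comment above it only mentions skipping the session save. Please extend the comment to say that the cookie refresh is skipped too, and why (per the commit message, the save is likely to fail after a 500, and always fails after a PostgreSQL query error). The comparison matches exactly 500, so other 5xx responses still go through `request.session.save()`; if that is intended, a word in the comment would help the next reader.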
+16 −0
@@ -409,6 +409,22 @@ class SessionMiddlewareTests(unittest.TestCase):
        self.assertNotIn('httponly',
                         str(response.cookies[settings.SESSION_COOKIE_NAME]))

    def test_session_save_on_500(self):
        request = RequestFactory().get('/')
        response = HttpResponse('Horrible error')
        response.status_code = 500
        middleware = SessionMiddleware()

        # Simulate a request the modifies the session
        middleware.process_request(request)
        request.session['hello'] = 'world'

        # Handle the response through the middleware
        response = middleware.process_response(request, response)

        # Check that the value wasn't saved above.
        self.assertNotIn('hello', request.session.load())


class CookieSessionTests(SessionTestsMixin, TestCase):
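Review bot: `test_session_save_on_500` asserts only that `'hello'` is missing from `request.session.load()`; it does not check the other effect of the new guard, that no session cookie is set on the response. Consider adding an assertion that `settings.SESSION_COOKIE_NAME` is not in `response.cookies`, so that moving `set_cookie` back outside the `if` is caught by the test. Small nit: the comment "Simulate a request the modifies the session" should read "that modifies".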

+6 −0
@@ -177,6 +177,12 @@ autocommit behavior was never restored. This bug is now fixed in 1.5. While
this is only a bug fix, it is worth checking your applications behavior if
you are using PostgreSQL together with the autocommit option.

Session not saved on 500 responses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Django's session middleware will skip saving the session data if the
response's status code is 500.

Miscellaneous
~~~~~~~~~~~~~
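Review bot: The new "Session not saved on 500 responses" entry states the behaviour but not the reason or the consequence for applications. A reader upgrading needs to know that session changes made during a request that ends in a 500 are now discarded, including when a view returns a 500 response deliberately. Suggest adding one sentence with the rationale from the commit message (saving is likely to fail in that state, and always fails after a query error on PostgreSQL) and one stating that the session cookie is not refreshed on such responses either.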

+3 −0
@@ -423,6 +423,9 @@ cookie will be sent on every request.
Similarly, the ``expires`` part of a session cookie is updated each time the
session cookie is sent.

.. versionchanged:: 1.5
  The session is not saved if the response's status code is 500.

Browser-length sessions vs. persistent sessions
===============================================
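Review bot: The `versionchanged:: 1.5` note says only that the session is not saved, yet it sits under paragraphs describing when the session cookie is sent and when its ``expires`` part is updated. Since the middleware change puts `response.set_cookie(...)` under the same status check, the note should also say that the cookie is not sent or refreshed when the response's status code is 500, otherwise the preceding "cookie will be sent on every request" text reads as still unconditional.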