[Django] #26764: Session.cycle_key() throws Exception if the session hasn't been accessed

Wed, 15 Jun 2016 16:43:14 -0700 

#26764: Session.cycle_key() throws Exception if the session hasn't been accessed
----------------------------------+--------------------
     Reporter:  adam-iris         |      Owner:  nobody
         Type:  Uncategorized     |     Status:  new
    Component:  contrib.sessions  |    Version:  1.8
     Severity:  Normal            |   Keywords:
 Triage Stage:  Unreviewed        |  Has patch:  0
Easy pickings:  0                 |      UI/UX:  0
----------------------------------+--------------------
 A common use case I see is that a user changes some content then tries to
 view their changes on the website, but they get an older, previously-
 cached page.

 Since the page-level cache key uses the session id, my solution is to call
 `request.session.cycle_key()`. To the user this is presented as a "hard
 reload" -- it clears the session key then redirects back to the current
 page, the page-level cache will miss and the user will get a newly-
 generated version.

 However, this raised an exception:
 {{{ 'SessionStore' object has no attribute '_session_cache' }}}

 Upon inspection, it looks like `SessionBase._session_cache` doesn't get
 initialized except by calling `SessionBase._session`. But the
 `cycle_key()` method accesses `_session_cache` without ensuring that it's
 been initialized.

 My workaround was to prepend a meaningless access call:

 {{{
 request.session.get('foo')
 request.session.cycle_key()
 }}}

 This fixed the exception, but I think the proper fix is for `cycle_key()`
 to initialize (or more carefully check) `_session_cache`.

--
Ticket URL: <https://code.djangoproject.com/ticket/26764>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/052.69962bfc43bf09edf04ec11bd4ca9cdd%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to