#27363: SessionMiddleware can return redirect(request.path) which might be an
unsafe thing to do
-------------------------------------+-------------------------------------
Reporter: Raphael Michel | Owner: Andrew
| Nester
Type: Bug | Status: assigned
Component: contrib.sessions | Version: 1.10
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Andrew Nester):
* status: new => assigned
* owner: nobody => Andrew Nester
Comment:
Agree that it's much better to return 400 HTTP status in case of deleted
session.
Proper pull request has been added to implement this
--
Ticket URL: <https://code.djangoproject.com/ticket/27363#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.8441cd85f71283d6f9b3d5ad1b0af9eb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
