#31962: Raise of SuspiciousOperation should use more specific SuspiciousSession class --------------------------------------------+------------------------ Reporter: alexmv | Owner: nobody Type: Uncategorized | Status: new Component: contrib.sessions | Version: master Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 1 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 1 UI/UX: 0 | --------------------------------------------+------------------------ `django/contrib/sessions/middleware.py` contains the only non-test place where a bare `SuspiciousOperation` is raised; all other locations use one of its more specific subclasses. Making this suspicious operation that involves a session into a `raise SuspiciousSession` would remove this outlier, and make the exception more specific.
This is also notable because every SuspiciousOperation subclass gets its own logger, so this is the only place that is logged via the `django.security.SuspiciousOperation` logger. This should only require: {{{ diff --git django/contrib/sessions/middleware.py django/contrib/sessions/middleware.py index cb8c1ff45b..f8386a21ce 100644 --- django/contrib/sessions/middleware.py +++ django/contrib/sessions/middleware.py @@ -3,7 +3,7 @@ from importlib import import_module from django.conf import settings from django.contrib.sessions.backends.base import UpdateError -from django.core.exceptions import SuspiciousOperation +from django.contrib.sessions.exceptions import SuspiciousSession from django.utils.cache import patch_vary_headers from django.utils.deprecation import MiddlewareMixin from django.utils.http import http_date @@ -60,7 +60,7 @@ class SessionMiddleware(MiddlewareMixin): try: request.session.save() except UpdateError: - raise SuspiciousOperation( + raise SuspiciousSession( "The request's session was deleted before the " "request completed. The user may have logged " "out in a concurrent request, for example." }}} -- Ticket URL: <https://code.djangoproject.com/ticket/31962> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/049.93b4c2dd460959b80597624a46d75443%40djangoproject.com.