#34173: SessionMiddleware only returns 400 or 500 error in case of DB issues.
--------------------------------------------+------------------------
               Reporter:  SessionIssue      |          Owner:  nobody
                   Type:  Bug               |         Status:  new
              Component:  contrib.sessions  |        Version:  4.1
               Severity:  Normal            |       Keywords:
           Triage Stage:  Unreviewed        |      Has patch:  0
    Needs documentation:  0                 |    Needs tests:  0
Patch needs improvement:  0                 |  Easy pickings:  0
                  UI/UX:  0                 |
--------------------------------------------+------------------------
 Hi guys,

 I have the following situation. In one of my applications I'm having an
 issue with returning the right status code.
 For example I had this situation where I wanted to list 1000 results, this
 normally takes a couple of seconds, but during this request, my DB went
 offline or got stuck for some reason. Currently, this resulted in a 500
 status code.
 As I have a custom controller that only retries tasks on specific status
 codes (like 503), I want to return a 503 status code (I also think that
 503 is a more suitable one than 500 in this case), but this resulted in
 returning a 400 status code. The reason for that is the SessionMiddleware
 and particularly this part:

 {{{
 if response.status_code != 500:
     try:
         request.session.save()
     except UpdateError:
         raise SessionInterrupted(
             "The request's session was deleted before the "
             "request completed. The user may have logged "
             "out in a concurrent request, for example."
         )
     response.set_cookie(
         settings.SESSION_COOKIE_NAME,
         request.session.session_key,
         max_age=max_age,
         expires=expires,
         domain=settings.SESSION_COOKIE_DOMAIN,
         path=settings.SESSION_COOKIE_PATH,
         secure=settings.SESSION_COOKIE_SECURE or None,
         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
         samesite=settings.SESSION_COOKIE_SAMESITE,
     )
 }}}
 As my DB is offline, this results in a 400 error, as the session can't be
 saved.
 I rewrote this small piece in a custom middleware that inherits from the
 SessionMiddleware, but this is not a future-proof solution:

 {{{
 # Changed line: 503 is now skipped as well as 500.
 if response.status_code not in [500, 503]:
     try:
         request.session.save()
     except UpdateError:
         raise SessionInterrupted(
             "The request's session was deleted before the "
             "request completed. The user may have logged "
             "out in a concurrent request, for example."
         )
     response.set_cookie(
         settings.SESSION_COOKIE_NAME,
         request.session.session_key,
         max_age=max_age,
         expires=expires,
         domain=settings.SESSION_COOKIE_DOMAIN,
         path=settings.SESSION_COOKIE_PATH,
         secure=settings.SESSION_COOKIE_SECURE or None,
         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
         samesite=settings.SESSION_COOKIE_SAMESITE,
     )
 }}}

 It's a small change, but it will make it hard for us to keep track of all
 the Django updates.

 Do you have a generic solution for this issue?

 Thanks in advance.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34173>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
