[1.7.x] Fixed a KeyError on login with legacy sessions; refs #21649.
Thanks Loic for the report.
Backport of 11e30b684d
from master
This commit is contained in:
parent
edaff9b0df
commit
548acd77fd
|
@ -86,7 +86,7 @@ def login(request, user):
|
|||
if SESSION_KEY in request.session:
|
||||
if request.session[SESSION_KEY] != user.pk or (
|
||||
session_auth_hash and
|
||||
request.session[HASH_SESSION_KEY] != session_auth_hash):
|
||||
request.session.get(HASH_SESSION_KEY) != session_auth_hash):
|
||||
# To avoid reusing another user's session, create a new, empty
|
||||
# session if the existing session corresponds to a different
|
||||
# authenticated user.
|
||||
|
|
|
@ -595,6 +595,22 @@ class LoginTest(AuthViewsTestCase):
|
|||
self.login(password='foobar')
|
||||
self.assertNotEqual(original_session_key, self.client.session.session_key)
|
||||
|
||||
def test_login_session_without_hash_session_key(self):
|
||||
"""
|
||||
Session without django.contrib.auth.HASH_SESSION_KEY should login
|
||||
without an exception.
|
||||
"""
|
||||
user = User.objects.get(username='testclient')
|
||||
engine = import_module(settings.SESSION_ENGINE)
|
||||
session = engine.SessionStore()
|
||||
session[SESSION_KEY] = user.id
|
||||
session.save()
|
||||
original_session_key = session.session_key
|
||||
self.client.cookies[settings.SESSION_COOKIE_NAME] = original_session_key
|
||||
|
||||
self.login()
|
||||
self.assertNotEqual(original_session_key, self.client.session.session_key)
|
||||
|
||||
|
||||
@skipIfCustomUser
|
||||
class LoginURLSettings(AuthViewsTestCase):
|
||||
|
|
Loading…
Reference in New Issue