[Django] #34173: SessionMiddleware only returns 400 or 500 error in case of DB issues.
Django
--------------------------------------------+------------------------
Reporter: SessionIssue | Owner: nobody
Type: Bug | Status: new
Component: contrib.sessions | Version: 4.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
--------------------------------------------+------------------------
Hi guys,
I have the following situation. In one of my applications I'm having an
issue with returning the right status code.
For example I had this situation where I wanted to list 1000 results, this
normally takes a couple of seconds, but during this request, my DB went
offline or got stuck for some reason. Currently, this resulted in a 500
status code.
As I have a custom controller that only retries tasks on specific status
codes (like 503), I want to return a 503 status code (I also think that
503 is a more suitable one than 500 in this case), but this resulted in
returning a 400 status code. The reason for that is the SessionMiddleware
and particularly this part:
{{{
if response.status_code != 500:
try:
request.session.save()
except UpdateError:
raise SessionInterrupted(
"The request's session was deleted before the
"
"request completed. The user may have logged "
"out in a concurrent request, for example."
)
response.set_cookie(
settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
}}}
As my DB is offline, this results in a 400 error, as the session can't be
saved.
I rewrote this small piece in a custom middleware that inherits the
SessionMiddleware, but this is not a futureproof solution:
{{{
**if response.status_code not in [500, 503]:**
try:
request.session.save()
except UpdateError:
raise SessionInterrupted(
"The request's session was deleted before the
"
"request completed. The user may have logged "
"out in a concurrent request, for example."
)
response.set_cookie(
settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
}}}
It's a small change, but it will make it hard for us to keep track of all
the Django updates.
Do you have a generic solution for this issue?
Thanks in advance.
--
Ticket URL: <https://code.djangoproject.com/ticket/34173>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: SessionIssue | Owner: nobody
Type: Bug | Status: closed
Component: contrib.sessions | Version: 4.1
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: new => closed
* resolution: => invalid
Comment:
Thanks for this ticket, however it is a support question and Trac is not a
[https://code.djangoproject.com/wiki/TicketClosingReasons/UseSupportChannels
support channel].
--
Ticket URL: <https://code.djangoproject.com/ticket/34173#comment:1>