Fix issue #180 - KeyError when loading deleted session (#199)

Session.load does not properly handle state after .delete and .save was called. This happens when user logs out, but saves session id, and then tries to use it again.
bbangert · Oct 8, 2020 · 889d305 · 889d305
1 parent edb8f52
commit 889d305
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/beaker/session.py b/beaker/session.py
@@ -437,6 +437,7 @@ def load(self):
                 self.is_new = True
 
             if self.timeout is not None and \
+               '_accessed_time' in session_data and \
                now - session_data['_accessed_time'] > self.timeout:
                 timed_out = True
             else:

diff --git a/tests/test_session.py b/tests/test_session.py
@@ -483,6 +483,16 @@ def test_invalidate_invalid_signed_cookie_invalidate_corrupt():
     assert "foo" not in dict(session)
 
 
+def test_load_deleted_from_storage_session__not_loaded():
+    req = {'cookie': {'beaker.session.id': 123}}
+    session = Session(req, timeout=1)
+
+    session.delete()
+    session.save()
+
+    Session(req, timeout=1)
+
+
 class TestSaveAccessedTime(unittest.TestCase):
     # These tests can't use the memory session type since it seems that loading
     # winds up with references to the underlying storage and makes changes to